On 1/30/19 7:57 AM, Nicolas Kovacs wrote:
The tl;dr version of my last post is : Apache is not supposed to show static web pages with a user_tmp_t SELinux context. So why does it show them anyway ?
Policy allows that, currently:
# sesearch -A -s httpd_t -t user_tmp_t Found 15 semantic av rules: allow daemon user_tmp_t : file { getattr append } ; allow httpd_t user_tmp_t : file { ioctl read write getattr lock append map } ; allow domain tmpfile : file { ioctl read getattr lock append open } ; allow httpd_t file_type : dir { getattr search open } ; allow httpd_t user_tmp_t : dir { ioctl read write getattr lock add_name remove_name search open } ; allow httpd_t file_type : filesystem getattr ; allow httpd_t user_home_type : file { ioctl read getattr lock open } ; allow httpd_t user_home_type : dir { getattr search open } ; allow httpd_t user_home_type : dir { ioctl read getattr lock search open } ; allow httpd_t user_home_type : dir { getattr search open } ; allow httpd_t user_home_type : dir { getattr search open } ; allow domain file_type : file map ; allow domain file_type : chr_file map ; allow domain file_type : blk_file map ; allow httpd_t user_home_type : lnk_file { read getattr } ;