On 1/6/2012 6:16 PM, RILINDO FOSTER wrote:
On Jan 6, 2012, at 10:35 AM, Bennett Haselton wrote:
I tried that and it worked -- the httpd processes are now listed with "httpd_t" as their context, the /var/log/audit/audit.log file is listed with auditd_log_t as its type instead of file_t, etc.
I'm pretty sure this machine was never "upgraded to CentOS 5.2", it was just imaged with 5.7 when the hosting company set it up, but SELinux *was* off until I turned it on. So probably the doc should say, if the "system was *installed* with 5.2, then do this" (and presumably it's 5.2 or later, not just 5.2).
Either that, or the base install was an earlier version of CentOS 5.x, with SELinux turned off, then upgraded to the current version.
- Rilindo
Could be in theory but if the hosting company was provisioning a new machine I don't know why they'd set up an earlier version and then upgrade, instead of just imaging the latest version at the time.
As for the original question -- when the docs say that access is allowed only across "similar types", what determines what counts as "similar types"? How do you know for example that httpd running as type httpd_t can access /var/www/html/robots.txt which has type httpd_sys_content_t?
Bennett
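The question above is about how SELinux type enforcement decides access. There is no notion of "similar" types in the policy itself: a process domain may perform an operation on an object only if an explicit allow rule matches the source type, target type, object class and permission, and every other combination is denied by default. Policies keep the rule count manageable with attributes, which group many types so that one rule covers all of them (on a real system the matching rules are listed with the setools command `sesearch --allow -s httpd_t -t httpd_sys_content_t -c file`). The following Python model is an added example, not part of the original thread and not the real policy: the type and attribute names mirror real ones, but the rules are constructed for illustration.

```python
"""Constructed miniature of SELinux type-enforcement (TE) access decisions.

Illustrative model only, not the real policy: access is granted only where an
explicit allow rule matches (source type, target type, object class,
permission); everything else is denied. Attributes group types so one rule
can cover several of them. The rules below are made up for this example.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class AllowRule:
    source: str        # source type or attribute (the subject, e.g. a process domain)
    target: str        # target type or attribute (the object, e.g. a file label)
    obj_class: str     # object class, e.g. "file" or "dir"
    perms: frozenset   # permissions this rule grants on that class


class TePolicy:
    def __init__(self):
        self.types = set()
        self.attr_members = defaultdict(set)   # attribute name -> types carrying it
        self.rules = []

    def declare_type(self, name, *attributes):
        self.types.add(name)
        for attr in attributes:
            self.attr_members[attr].add(name)

    def allow(self, source, target, obj_class, perms):
        self.rules.append(AllowRule(source, target, obj_class, frozenset(perms)))

    def expand(self, name):
        """Concrete types named by `name`: the type itself, or all members of an attribute."""
        if name in self.types:
            return {name}
        return set(self.attr_members.get(name, ()))

    def matching_rules(self, source_type, target_type, obj_class, perm):
        """All allow rules that grant `perm` on `obj_class` from source_type to target_type."""
        return [r for r in self.rules
                if source_type in self.expand(r.source)
                and target_type in self.expand(r.target)
                and r.obj_class == obj_class
                and perm in r.perms]

    def is_allowed(self, source_type, target_type, obj_class, perm):
        # Default deny: with no matching allow rule the access is refused.
        return bool(self.matching_rules(source_type, target_type, obj_class, perm))


def build_example_policy():
    """Constructed policy fragment (rules are illustrative, not copied from any distribution)."""
    p = TePolicy()
    p.declare_type("httpd_t")
    p.declare_type("auditd_t")
    # Web content types share the constructed attribute "httpdcontent".
    p.declare_type("httpd_sys_content_t", "httpdcontent")
    p.declare_type("httpd_sys_rw_content_t", "httpdcontent")
    p.declare_type("auditd_log_t")
    p.declare_type("user_home_t")
    # One rule on the attribute lets httpd_t read every web content type ...
    p.allow("httpd_t", "httpdcontent", "file", {"getattr", "open", "read"})
    # ... while write access is granted only on the explicitly read-write type.
    p.allow("httpd_t", "httpd_sys_rw_content_t", "file", {"write", "append"})
    p.allow("auditd_t", "auditd_log_t", "file", {"getattr", "open", "read", "write", "append"})
    return p


def explain(policy, source_type, target_type, obj_class, perm):
    """Human-readable verdict naming the rule that granted access, or 'denied'."""
    rules = policy.matching_rules(source_type, target_type, obj_class, perm)
    if not rules:
        return f"{source_type} -> {target_type}:{obj_class} {perm}: denied (no allow rule)"
    r = rules[0]
    return (f"{source_type} -> {target_type}:{obj_class} {perm}: allowed by "
            f"allow {r.source} {r.target}:{r.obj_class} {{ {' '.join(sorted(r.perms))} }}")


if __name__ == "__main__":
    policy = build_example_policy()
    print(explain(policy, "httpd_t", "httpd_sys_content_t", "file", "read"))
    print(explain(policy, "httpd_t", "httpd_sys_content_t", "file", "write"))
    print(explain(policy, "httpd_t", "auditd_log_t", "file", "read"))
```

The third query is the point of the model: httpd_t and auditd_log_t are both perfectly valid types, yet nothing relates them, so the access is denied. Whether a process can reach a file is decided entirely by which allow rules (directly or through an attribute) mention its domain and the file's type, which is why relabeling a file to the wrong type silently cuts off access even though "the permissions" never changed.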