[CentOS] Selinux custom policy issue - Centos 5

Miskell, Craig Craig.Miskell at agresearch.co.nz
Tue Jun 12 20:37:45 UTC 2007


> On Tue, 2007-06-12 at 12:24 +1200, Miskell, Craig wrote:
> > Where file_upload_store_t is one of my custom types.  My local.fc looks
> > like this:
> > /data/spool/blastreq(/.*)?            system_u:object_r:blast_req_t
> > /data/spool/blastres(/.*)?            system_u:object_r:blast_res_t
> > /data/upload(/.*)?                    system_u:object_r:file_upload_store_t
> > /data/bfiles(/.*)?                    system_u:object_r:bfiles_t
> > /var/www/possumbase/html/imagetemp(/.*)?  system_u:object_r:http_image_temp_t
> > /var/www/sheep/html/imagetemp(/.*)?   system_u:object_r:http_image_temp_t
> > 
> > And my local.te contains (selected portions only for now):
> > module local 1.1;
> > 
> > require {
> > ...
> >  <various normal requires>
> > ...
> > }
> > type blast_req_t,file_type;
> > allow httpd_sys_script_t blast_req_t:file { create getattr write};
> > allow httpd_sys_script_t blast_req_t:dir { read getattr lock search
> > ioctl add_name write };
> > ...etc
> 
> Is file_upload_store_t defined in your local policy? E.g.:
> 
> type file_upload_store_t, file_type;
Yes (sorry, that would have been the sensible bit to selectively
extract; I don't know what I was thinking): 
*******
type file_upload_store_t,file_type;
allow httpd_sys_script_t file_upload_store_t:dir { read getattr create
search write add_name };
allow httpd_sys_script_t file_upload_store_t:file { create getattr write
read };
*******

Craig
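
The check the reply asks about (is every type named in local.fc declared or required in local.te?), as an added example that is not part of the original thread. The file contents are constructed samples, the function names are hypothetical, and the parser assumes only the simple `type NAME, attribute;` and `require { type NAME; }` forms shown in the thread.

```python
import re

# Constructed samples modelled on the thread; bfiles_t is left undeclared on purpose.
SAMPLE_FC = """\
/data/upload(/.*)?           system_u:object_r:file_upload_store_t
/data/bfiles(/.*)?           system_u:object_r:bfiles_t
"""
SAMPLE_TE = """\
module local 1.1;
require {
    type httpd_sys_script_t;
    class file { create getattr write read };
}
type file_upload_store_t,file_type;
"""

def split_require(te):
    """Return (text inside require blocks, text outside), matching braces."""
    inside, outside, pos = [], [], 0
    for m in re.finditer(r"\brequire\s*\{", te):
        outside.append(te[pos:m.start()])
        depth, i = 1, m.end()
        while i < len(te) and depth:  # class statements nest braces
            depth += {"{": 1, "}": -1}.get(te[i], 0)
            i += 1
        inside.append(te[m.end():i - 1])
        pos = i
    outside.append(te[pos:])
    return " ".join(inside), " ".join(outside)

def known_types(te):
    inside, outside = split_require(re.sub(r"#.*", "", te))
    required = re.findall(r"\btype\s+([^;]+);", inside)
    known = {n.strip() for names in required for n in names.split(",")}
    # Outside require, "type NAME, attr...;" declares NAME only (assumed form).
    return known | set(re.findall(r"\btype\s+(\w+)", outside))

def undeclared(fc, te):
    """Map each type used in fc but unknown to te -> fc line numbers."""
    known, missing = known_types(te), {}
    for lineno, line in enumerate(fc.splitlines(), 1):
        fields = re.sub(r"#.*", "", line).split()
        m = re.search(r"\b\w+:\w+:(\w+)", fields[-1]) if len(fields) > 1 else None
        if m and m.group(1) not in known:
            missing.setdefault(m.group(1), []).append(lineno)
    return missing

print(undeclared(SAMPLE_FC, SAMPLE_TE))
```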