[CentOS] SELinux and access across 'similar types'
Philippe Naudin
philippe.naudin at supagro.inra.fr
Fri Jan 6 10:24:08 UTC 2012
On Fri 06 Jan 2012 02:00:27 CET, Bennett Haselton wrote:
> On 1/5/2012 1:36 PM, Bennett Haselton wrote:
> ...
> OK, notwithstanding the fact that the filesystem on the above machine
> needs to be re-labeled and I don't know why that's failing --
>
> I have another CentOS 5.7 machine where I've enabled SELinux (permissive
> mode) and relabeled the filesystem and it actually worked, so that the
> above commands are now giving the expected outputs:
>
> [root@g6950-21025 ~]# ps awuxZ | grep httpd | head -n 3
> system_u:system_r:init_t root 2302 0.0 1.0 253056 10576 ? Ss 00:12 0:00 /usr/sbin/httpd
> system_u:system_r:init_t apache 4201 0.1 2.0 274804 20968 ? S 01:26 0:02 /usr/sbin/httpd
> system_u:system_r:init_t apache 4392 0.2 1.2 257308 12512 ? S 01:39 0:01 /usr/sbin/httpd

Apache running as "init_t" is a call for trouble.

$ ps awuxZ | grep [a]pache
system_u:system_r:httpd_t apache ... /usr/sbin/httpd

> [root@g6950-21025 ~]# ls -lZ /var/www/html/robots.txt
> -rw-rw-rw- root root system_u:object_r:httpd_sys_content_t /var/www/html/robots.txt
This is correct.
--
Philippe Naudin
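
A check for the mismatch pointed out in this reply, as an added example that is not part of the original message: it reads `ps awuxZ`-style output and reports processes of a given executable whose SELinux type (the third field of the context) is not the expected domain. The names `check_domain` and `sample_ps` are hypothetical, and the sample lines are constructed by rejoining the output quoted above.

```shell
#!/bin/sh
# Added example (not from the original thread).
# check_domain EXPECTED_TYPE EXECUTABLE
#   Reads `ps awuxZ`-style lines on stdin (context, user, pid, ..., command),
#   prints one MISMATCH line per process of EXECUTABLE whose SELinux type
#   differs from EXPECTED_TYPE, and returns 1 if any mismatch was found.
check_domain() {
    awk -v want="$1" -v exe="$2" '
        {
            # Simplification: any field equal to the executable path counts
            # as a match; this skips the "grep httpd" line in a pipeline.
            hit = 0
            for (i = 4; i <= NF; i++) if ($i == exe) hit = 1
            if (!hit) next
            # Context is user:role:type[:level]; the type is the domain.
            if (split($1, ctx, ":") < 3) next
            total++
            if (ctx[3] != want) {
                bad++
                printf "MISMATCH pid=%s user=%s type=%s expected=%s\n", $3, $2, ctx[3], want
            }
        }
        END {
            printf "%d of %d %s processes outside %s\n", bad + 0, total + 0, exe, want
            exit (bad > 0)
        }'
}

# Constructed sample: the three httpd lines quoted in the thread, unwrapped.
sample_ps() {
    cat <<'EOF'
system_u:system_r:init_t root 2302 0.0 1.0 253056 10576 ? Ss 00:12 0:00 /usr/sbin/httpd
system_u:system_r:init_t apache 4201 0.1 2.0 274804 20968 ? S 01:26 0:02 /usr/sbin/httpd
system_u:system_r:init_t apache 4392 0.2 1.2 257308 12512 ? S 01:39 0:01 /usr/sbin/httpd
EOF
}

sample_ps | check_domain httpd_t /usr/sbin/httpd || echo "httpd is not confined to httpd_t"
```

On a live system the same function can be fed directly: `ps awuxZ | check_domain httpd_t /usr/sbin/httpd`.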