[CentOS] SELinux policy vs. static web content
Gordon Messmer
gordon.messmer at gmail.com
Thu Jan 31 00:31:45 UTC 2019
On 1/30/19 7:57 AM, Nicolas Kovacs wrote:
> The tl;dr version of my last post is : Apache is not supposed to show
> static web pages with a user_tmp_t SELinux context. So why does it show
> them anyway ?

Policy allows that, currently:

# sesearch -A -s httpd_t -t user_tmp_t
Found 15 semantic av rules:
   allow daemon user_tmp_t : file { getattr append } ;
   allow httpd_t user_tmp_t : file { ioctl read write getattr lock append map } ;
   allow domain tmpfile : file { ioctl read getattr lock append open } ;
   allow httpd_t file_type : dir { getattr search open } ;
   allow httpd_t user_tmp_t : dir { ioctl read write getattr lock add_name remove_name search open } ;
   allow httpd_t file_type : filesystem getattr ;
   allow httpd_t user_home_type : file { ioctl read getattr lock open } ;
   allow httpd_t user_home_type : dir { getattr search open } ;
   allow httpd_t user_home_type : dir { ioctl read getattr lock search open } ;
   allow httpd_t user_home_type : dir { getattr search open } ;
   allow httpd_t user_home_type : dir { getattr search open } ;
   allow domain file_type : file map ;
   allow domain file_type : chr_file map ;
   allow domain file_type : blk_file map ;
   allow httpd_t user_home_type : lnk_file { read getattr } ;
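
As an added example (not part of the original message), the sketch below parses the sesearch output quoted above and reports which rules supply each permission Apache needs to serve a static file. It assumes every rule sesearch listed applies to the httpd_t / user_tmp_t pair through attribute membership; the function names are hypothetical.

```python
import re

# sesearch output copied from the message above (setools 3 "allow" syntax).
# Assumption: each listed rule applies to httpd_t -> user_tmp_t via attributes.
SESEARCH_OUTPUT = """\
Found 15 semantic av rules:
   allow daemon user_tmp_t : file { getattr append } ;
   allow httpd_t user_tmp_t : file { ioctl read write getattr lock append map } ;
   allow domain tmpfile : file { ioctl read getattr lock append open } ;
   allow httpd_t file_type : dir { getattr search open } ;
   allow httpd_t user_tmp_t : dir { ioctl read write getattr lock add_name remove_name search open } ;
   allow httpd_t file_type : filesystem getattr ;
   allow httpd_t user_home_type : file { ioctl read getattr lock open } ;
   allow httpd_t user_home_type : dir { getattr search open } ;
   allow httpd_t user_home_type : dir { ioctl read getattr lock search open } ;
   allow httpd_t user_home_type : dir { getattr search open } ;
   allow httpd_t user_home_type : dir { getattr search open } ;
   allow domain file_type : file map ;
   allow domain file_type : chr_file map ;
   allow domain file_type : blk_file map ;
   allow httpd_t user_home_type : lnk_file { read getattr } ;
"""

RULE_RE = re.compile(
    r"allow\s+(\S+)\s+(\S+)\s*:\s*(\S+)\s+(?:\{([^}]*)\}|(\S+))\s*;")

def parse_rules(text):
    """Return (source, target, class, frozenset(perms)) per allow rule."""
    return [(m[1], m[2], m[3], frozenset((m[4] or m[5]).split()))
            for m in RULE_RE.finditer(text)]

def effective_perms(rules, tclass):
    """Union of permissions across all rules for one object class."""
    return set().union(*(p for _s, _t, c, p in rules if c == tclass))

def granting_rules(rules, tclass, perm):
    """(source, target) of every rule that grants perm on tclass."""
    return [(s, t) for s, t, c, p in rules if c == tclass and perm in p]

def can_serve_static(rules):
    """Serving a file needs dir search plus file open, read and getattr."""
    return ({"open", "read", "getattr"} <= effective_perms(rules, "file")
            and "search" in effective_perms(rules, "dir"))

if __name__ == "__main__":
    rules = parse_rules(SESEARCH_OUTPUT)
    print("file perms:", sorted(effective_perms(rules, "file")))
    print("open granted by:", granting_rules(rules, "file", "open"))
    print("static content readable:", can_serve_static(rules))
```

On this output the direct httpd_t / user_tmp_t file rule carries read but not open; open comes from the rules written against the tmpfile and user_home_type attributes.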