[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

risk of losing httpd_user_script_exec_t labels?

From: Erik Sjölund <erik sjolund gmail com>
To: fedora-selinux-list redhat com
Subject: risk of losing httpd_user_script_exec_t labels?
Date: Tue, 14 Feb 2006 14:10:17 +0100

If I inactivate httpd_unified and start using httpd_user_script_exec_t
and httpd_user_script_rw_t in /home/erik/public_html, will those
labels get lost (i.e reverted to httpd_user_content_t ) if I run
"/sbin/fixfiles relabel"?

What I'm more concerned of is if a
"yum update selinux-policy-targeted"
could force a relabeling and therefore loss of httpd_user_script_rw_t labels?

A quick test shows that /sbin/restorecon converts httpd_user_script_rw_t to
httpd_user_content_t.
Though, I haven't tried "sbin/fixfiles relabel" yet.

[erik www ~]$ cd ~/public_html
[erik www public_html]$ chcon user_u:object_r:httpd_user_script_exec_t
 script.cgi
[erik www public_html]$ ls -lZ script.cgi
-rwxr-xr-x  erik others   user_u:object_r:httpd_user_script_exec_t script.cgi
[erik www public_html]$ /sbin/restorecon script.cgi
[erik www public_html]$ ls -lZ script.cgi
-rwxr-xr-x  erik others   system_u:object_r:httpd_user_content_t script.cgi
[erik www public_html]$ /usr/sbin/getsebool -a | grep unifi
httpd_unified --> inactive

cheers,
Erik Sjölund

Follow-Ups:
- Re: risk of losing httpd_user_script_exec_t labels?
  - From: Daniel J Walsh

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]