[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

making a user create files as "user_u:system_r:httpd_t"

From: "Hugo Martin Campos V." <hugomartinplug yahoo com>
To: fedora-selinux-list redhat com
Subject: making a user create files as "user_u:system_r:httpd_t"
Date: Thu, 1 Feb 2007 01:57:41 +0000 (GMT)

Hello list,

I am analyzing a HTTPd server working with SELinux in permissive mode before I enforce it. The problem I've seen so far begins when the .html .php files get uploaded by the person in charge and they are labeled as "system_u:object_r:default_t" and the label needs to be "user_u:system_r:httpd_t"

The resulting error:
avc: denied { getattr } for pid=8244 comm="httpd" name="/" dev=hda5 ino=2 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:default_t tclass=dir

I added that folder to be labeled as "user_u:system_r:httpd_t" in "/etc/selinux/targeted/src/policy/file_contexts/file_contexts" to relabel it with "fixfiles restore" (and it works) but it's not practical to relabel everything everytime that user uploads a webpage.

What should I do?? My knowledge goes as far as labeling, do I need to set roles? or should I follow audit2allow advice for now. It would just be cool to autolabel every file uploaded by that user as "user_u:system_r:httpd_t"

Thanks,
Hugo Martin

Preguntá. Respondé. Descubrí.
Todo lo que querías saber, y lo que ni imaginabas,
está en Yahoo! Respuestas (Beta).
Probalo ya!

Follow-Ups:
- Re: making a user create files as "user_u:system_r:httpd_t"
  - From: Paul Howarth

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]