[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

SELinux PHP setup, how ?

From: "Kuang-Chun Cheng" <kcc1967 gmail com>
To: fedora-selinux-list redhat com
Subject: SELinux PHP setup, how ?
Date: Sat, 1 Mar 2008 17:49:31 +0800

Hi,

I'm new to RH5.x/SELinux.

I have a simple PHP script which will call passthru() or exec() to
invoke "/bin/ls" or other external
commands to do some taskes.  The SELinux (targeted policy) deny the
action by default.
Following the message in sealert which ask me to relabel /bin/ls
to allow httpd to invoke /bin/ls from my PHP (ls.php) ... well, it's OK ... but
I'm wondering if I can only limit invoking "/bin/ls" from ONLY my "ls.php".
So, other PHP still can't call exec() to invoke "/bin/ls".

Is this possible in targeted policy ?

Thanks
KC

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]