[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

mediawiki AVC

From: Vadym Chepkov <chepkov yahoo com>
To: Fedora SELinux <fedora-selinux-list redhat com>
Subject: mediawiki AVC
Date: Wed, 11 Mar 2009 10:01:37 -0700 (PDT)

Hello,

mediawiki software has a following script, ImageMagick gets invoked using it:

$ cat /var/www/mediawiki/bin/ulimit4.sh 
#!/bin/bash

ulimit -t $1 -v $2 -f $3
eval "$4"


I added 
/var/www/mediawiki/bin/.*                          regular file       system_u:object_r:httpd_sys_script_exec_t:s0

into local policy. I receive the following AVC denial:

type=AVC msg=audit(1236789583.906:576443): avc:  denied  { read } for  pid=22724 comm="ulimit4.sh" path="eventpoll:[10101538]" dev=eventpollfs ino=10101538 scontext=user_u:system_r:httpd_sys_script_t:s0 tcontext=user_u:system_r:httpd_t:s0 tclass=file

audit2allow suggests the following:

allow httpd_sys_script_t httpd_t:file read;

but it doesn't seem right to me. I don't want to make it httpd_unconfined_script_exec_t, does anyone has a better suggestion? 
Thank you.

Sincerely yours,
  Vadym Chepkov

Follow-Ups:
- Re: mediawiki AVC
  - From: Dominick Grift

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]