[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

risk of losing httpd_user_script_exec_t labels?



If I inactivate httpd_unified and start using httpd_user_script_exec_t
and httpd_user_script_rw_t in /home/erik/public_html, will those
labels get lost (i.e reverted to httpd_user_content_t ) if I run
"/sbin/fixfiles relabel"?

What I'm more concerned of is if a
"yum update selinux-policy-targeted"
could force a relabeling and therefore loss of httpd_user_script_rw_t labels?

A quick test shows that /sbin/restorecon converts httpd_user_script_rw_t to
httpd_user_content_t.
Though, I haven't tried "sbin/fixfiles relabel" yet.

[erik www ~]$ cd ~/public_html
[erik www public_html]$ chcon user_u:object_r:httpd_user_script_exec_t
 script.cgi
[erik www public_html]$ ls -lZ script.cgi
-rwxr-xr-x  erik others   user_u:object_r:httpd_user_script_exec_t script.cgi
[erik www public_html]$ /sbin/restorecon script.cgi
[erik www public_html]$ ls -lZ script.cgi
-rwxr-xr-x  erik others   system_u:object_r:httpd_user_content_t script.cgi
[erik www public_html]$ /usr/sbin/getsebool -a | grep unifi
httpd_unified --> inactive

cheers,
Erik Sjölund


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]