http://wiki.centos.org/HowTos/SELinux says:

"Access is only allowed between similar types, so Apache running as httpd_t can read /var/www/html/index.html of type httpd_sys_content_t."

However, the doc doesn't define what "similar types" means. I assumed it just meant "beginning with the same prefix". However, that can't be right, because on my system with SELinux turned on, httpd runs as type init_t:

[root@peacefire04 - /root # ps awuxZ | grep httpd | head -n 3
system_u:system_r:init_t:s0 root 2521 0.1 0.4 21680 8820 ? Ss 05:05 0:00 /usr/sbin/httpd
system_u:system_r:init_t:s0 apache 2550 0.0 0.4 23364 8920 ? S 05:05 0:00 /usr/sbin/httpd
system_u:system_r:init_t:s0 apache 2551 0.1 0.4 22736 8212 ? S 05:05 0:00 /usr/sbin/httpd

and the robots.txt file has type file_t:

[root@peacefire04 - /root # ls -lZ /var/www/html/robots.txt
-rw-rw-rw- root root system_u:object_r:file_t:s0 /var/www/html/robots.txt

but Apache can of course access that file.

So in Type Enforcement, what determines what process type can access what file type?

Bennett