Re: SELinux and access across 'similar types'




On 1/6/2012 6:16 PM, RILINDO FOSTER wrote:
> On Jan 6, 2012, at 10:35 AM, Bennett Haselton wrote:
>
>> I tried that and it worked -- the httpd processes are now listed with
>> "httpd_t" as their context, the /var/log/audit/audit.log file is listed
>> with auditd_log_t as its type instead of file_t, etc.
>>
>> I'm pretty sure this machine was never "upgraded to CentOS 5.2", it was
>> just imaged with 5.7 when the hosting company set it up, but SELinux
>> *was* off until I turned it on.  So probably the doc should say, if the
>> "system was *installed* with 5.2, then do this" (and presumably it's 5.2
>> or later, not just 5.2).
> Either that, or the base install was an earlier version of CentOS 5.x, with SELinux turned off then upgraded to the current version.
>
>   - Rilindo

Could be in theory but if the hosting company was provisioning a new 
machine I don't know why they'd set up an earlier version and then 
upgrade, instead of just imaging the latest version at the time.

As for the original question -- when the docs say that access is allowed 
only across "similar types", what determines what counts as "similar 
types"?  How do you know for example that httpd running as type httpd_t 
can access /var/www/html/robots.txt which has type httpd_sys_content_t?

Bennett