SELinux policy vs. static web content




Hi,

Some time ago I wrote an introductory article about SELinux on my blog.
I'm currently updating it for my new blog, and I found a curious change
in SELinux policy. Here goes.

For demonstration purposes, I'm using some static webpages, more exactly
the default pages found in /usr/share/httpd/noindex, which I simply
copied over to /var/www/html.

As a first practical example, I'm copying this stuff over to /tmp/backup
and then moving it back again. A vaguely similar example has been given by
Thomas Cameron in his presentation "SELinux for mere mortals", and I'm
reproducing it here with some minor modifications.

  $ cd /var/www/html/
  $ mkdir /tmp/backup
  $ cp -R * /tmp/backup/
  $ rm -rf *
  $ mv /tmp/backup/* .
  $ find . -type d -exec chmod 0755 {} \;
  $ find . -type f -exec chmod 0644 {} \;

When I wrote the article back in November 2017, this resulted in a
classic "Forbidden" error, since the SELinux context of these files is
not httpd_sys_content_t as it should be, but user_tmp_t.

But when I try to repeat the experiment now, Apache shows no error.
Which seems strange.

Any idea what's going on?

Niki
-- 
Microlinux - Sustainable IT solutions
7, place de l'église - 30730 Montpezat
Site: https://www.microlinux.fr
Blog: https://blog.microlinux.fr
Mail: info@xxxxxxxxxxxxx
Tel.: 04 66 63 10 32
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
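
The labels described in the message above can be checked file by file. The following is an added example, not part of the original post: it lists every entry whose SELinux type is not the expected one. The function names and the sample listing are constructed for illustration; `scan_tree` assumes GNU `stat`, whose `%C` format prints the security context.

```shell
#!/bin/sh
# Added example: report files whose SELinux type differs from the expected one.

# Read "<context> <path>" lines on stdin and print "<type> <path>" for every
# entry whose type (third colon-separated field of the context) is not $1.
mislabeled() {
    expected=${1:-httpd_sys_content_t}
    awk -v want="$expected" '
        {
            ctx = $1
            path = substr($0, length(ctx) + 2)   # keeps spaces in file names
            n = split(ctx, f, ":")
            # A context with fewer than three fields cannot be checked,
            # e.g. "?" on a filesystem without SELinux labels.
            if (n < 3) { print "unparsed " path; next }
            if (f[3] != want) print f[3] " " path
        }'
}

# Walk a real tree: $1 is the directory, $2 the expected type (optional).
# File names containing newlines are not handled.
scan_tree() {
    find "$1" -exec stat -c '%C %n' {} + |
        mislabeled "${2:-httpd_sys_content_t}"
}

# Constructed sample of what "stat -c '%C %n'" prints after files were
# moved back from /tmp (file names are illustrative, not from the post).
sample_listing() {
    cat <<'EOF'
unconfined_u:object_r:user_tmp_t:s0 /var/www/html/index.html
unconfined_u:object_r:httpd_sys_content_t:s0 /var/www/html/css/bootstrap.min.css
unconfined_u:object_r:user_tmp_t:s0 /var/www/html/images/my logo.png
EOF
}

# Stand-alone demonstration on the constructed sample.
sample_listing | mislabeled httpd_sys_content_t
```

On a live system, `scan_tree /var/www/html` runs the same check against the real tree, and `restorecon -Rnv /var/www/html` shows what a relabel would change without applying it.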



