On 1/30/19 7:57 AM, Nicolas Kovacs wrote:
The tl;dr version of my last post is : Apache is not supposed to show
static web pages with a user_tmp_t SELinux context. So why does it show
them anyway ?
Policy allows that, currently:
# sesearch -A -s httpd_t -t user_tmp_t
Found 15 semantic av rules:
allow daemon user_tmp_t : file { getattr append } ;
allow httpd_t user_tmp_t : file { ioctl read write getattr lock
append map } ;
allow domain tmpfile : file { ioctl read getattr lock append open } ;
allow httpd_t file_type : dir { getattr search open } ;
allow httpd_t user_tmp_t : dir { ioctl read write getattr lock
add_name remove_name search open } ;
allow httpd_t file_type : filesystem getattr ;
allow httpd_t user_home_type : file { ioctl read getattr lock open } ;
allow httpd_t user_home_type : dir { getattr search open } ;
allow httpd_t user_home_type : dir { ioctl read getattr lock search
open } ;
allow httpd_t user_home_type : dir { getattr search open } ;
allow httpd_t user_home_type : dir { getattr search open } ;
allow domain file_type : file map ;
allow domain file_type : chr_file map ;
allow domain file_type : blk_file map ;
allow httpd_t user_home_type : lnk_file { read getattr } ;
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
