Re: SELinux policy vs. static web content




On 1/30/19 7:57 AM, Nicolas Kovacs wrote:
The tl;dr version of my last post is: Apache is not supposed to show
static web pages with a user_tmp_t SELinux context. So why does it show
them anyway?


Policy allows that, currently:

# sesearch -A -s httpd_t -t user_tmp_t
Found 15 semantic av rules:
   allow daemon user_tmp_t : file { getattr append } ;
   allow httpd_t user_tmp_t : file { ioctl read write getattr lock append map } ;
   allow domain tmpfile : file { ioctl read getattr lock append open } ;
   allow httpd_t file_type : dir { getattr search open } ;
   allow httpd_t user_tmp_t : dir { ioctl read write getattr lock add_name remove_name search open } ;
   allow httpd_t file_type : filesystem getattr ;
   allow httpd_t user_home_type : file { ioctl read getattr lock open } ;
   allow httpd_t user_home_type : dir { getattr search open } ;
   allow httpd_t user_home_type : dir { ioctl read getattr lock search open } ;
   allow httpd_t user_home_type : dir { getattr search open } ;
   allow httpd_t user_home_type : dir { getattr search open } ;
   allow domain file_type : file map ;
   allow domain file_type : chr_file map ;
   allow domain file_type : blk_file map ;
   allow httpd_t user_home_type : lnk_file { read getattr } ;

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
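Added example, not part of the original message: a small Python parser that merges the `sesearch` output quoted above into the effective permissions per object class and shows which rules grant a given permission. It assumes every listed rule applies to the httpd_t/user_tmp_t pair because `sesearch` matched it through the types' attributes (daemon, domain, tmpfile, file_type, user_home_type); the function names are illustrative. Note that the direct httpd_t/user_tmp_t file rule has no `open`; that permission comes from the attribute-based rules.

```python
import re
from collections import defaultdict

# The allow rules quoted in the message above, embedded so this runs offline.
SESEARCH_OUTPUT = """\
   allow daemon user_tmp_t : file { getattr append } ;
   allow httpd_t user_tmp_t : file { ioctl read write getattr lock append map } ;
   allow domain tmpfile : file { ioctl read getattr lock append open } ;
   allow httpd_t file_type : dir { getattr search open } ;
   allow httpd_t user_tmp_t : dir { ioctl read write getattr lock add_name remove_name search open } ;
   allow httpd_t file_type : filesystem getattr ;
   allow httpd_t user_home_type : file { ioctl read getattr lock open } ;
   allow httpd_t user_home_type : dir { getattr search open } ;
   allow httpd_t user_home_type : dir { ioctl read getattr lock search open } ;
   allow httpd_t user_home_type : dir { getattr search open } ;
   allow httpd_t user_home_type : dir { getattr search open } ;
   allow domain file_type : file map ;
   allow domain file_type : chr_file map ;
   allow domain file_type : blk_file map ;
   allow httpd_t user_home_type : lnk_file { read getattr } ;
"""

# allow <source> <target> : <class> { perm ... } ;   (or one bare permission)
RULE_RE = re.compile(r"^\s*allow\s+(\S+)\s+(\S+)\s*:\s*(\S+)\s+(?:\{([^}]*)\}|(\S+))\s*;\s*$")

def parse_rules(text):
    """Return (source, target, class, perms) for each allow rule in the text."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if m:
            src, tgt, tclass, braced, single = m.groups()
            rules.append((src, tgt, tclass, frozenset((braced or single or "").split())))
    return rules

def effective_perms(rules):
    """Union the permissions per object class across all matching rules."""
    merged = defaultdict(set)
    for _src, _tgt, tclass, perms in rules:
        merged[tclass] |= perms
    return dict(merged)

def granted_by(rules, tclass, perm):
    """List the (source, target) pairs of the rules that grant one permission."""
    return [(s, t) for s, t, c, p in rules if c == tclass and perm in p]

if __name__ == "__main__":
    rules = parse_rules(SESEARCH_OUTPUT)
    print(sorted(effective_perms(rules)["file"]), granted_by(rules, "file", "open"))
```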



