Once upon a time, Stephen Smalley <sds@xxxxxxxxxxxxxx> said: > > The goal of the default selinux policy is to be invisible unless you're > > an exploit. Seems like it's not ;( > > Teaching users to use restorecon in the same manner as chmod/chown if > they want to export data to one of the confined services like apache is > not an undue burden. Lots of web users use FTP to upload files. FTP has a chmod command; it does not have commands to alter SELinux labels (and even if such commands were added, you aren't liable to get WSFTP and such to change just to support a few Linux servers). Not all users have shell access either. -- Chris Adams <cmadams@xxxxxxxxxx> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
