Ben wrote:
Yes exactly; the tmp file is being created by php and then the CGI program reads the file.Do you have the ability to change the PHP script to not create in /tmp but to create some where
under /var/www?
On Apr 1, 2005, at 10:57 AM, Daniel J Walsh wrote:
Ben wrote:
I have been having some problems with a CGI program, and audit2allow shows I should add these permissions:The first error is the httpd script trying to access a terminal. The other errors are httpd trying to read the tmp file. Is the tmp file
allow httpd_sys_script_t devpts_t:chr_file { read write }; allow httpd_sys_script_t httpd_tmp_t:file getattr; allow httpd_sys_script_t httpd_tmp_t:file read;
I'm pretty green at SELinux, so I'm not too sure what these allow. I suspect that the last rule lets httpd_sys_script_t programs read files of type httpd_tmp_t, and the second rule lets them stat() those files. What does the first rule mean, exactly? The CGI program I'm trying to run creates a random filename, and I expect this is related to that, but there ends my speculation.
created by a builtin function (php)? And the a cgi script runs to read it?
Dan
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-selinux-list
--
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-selinux-list
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-selinux-list
--
