On Thu, 13 Oct 2005 07:42:48 +0200, Tomas Larsson said: > How do I change the security context automatically. > I.e if I am moving one file from one folder, is it possible to automatically > to > Put the context for the new directory on the file. > For example, if I move a file from the FTP-upload folder to HTTPD download > folder. It may make more sense to create a new context 'user_uploaded_t' or some such, and give the FTP server the access needed to write it, and the httpd the needed read access. That way, it gets "sandboxed" and even if it's malicious code, nothing else can accidentally read/execute it, so your system integrity is enhanced. Depending on your paranoia level, you may or may not want to allow some way for a process running in some user_t to un-sandbox the file. It may be sufficient to allow user_t to read it, as there probably shouldn't be any automated processes running as user_t - with the implicit "the user is taking responsibility for this"...
Attachment:
pgpkyobs9vApc.pgp
Description: PGP signature
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
