Re: Confused about /var/www contexts

Jason L Tibbitts III wrote:
I'm trying to understand why, on an updated F8 machine with
selinux-policy-3.0.8-101.fc8.noarch and
selinux-policy-targeted-3.0.8-101.fc8.noarch, /var/www/blah/cgi-bin
doesn't end up as httpd_sys_script_exec_t.

semanage fcontext -l says (among many other lines, of course):
  /var/www/[^/]*/cgi-bin(/.*)?  all files  system_u:object_r:httpd_sys_script_exec_t:s0

and yet:
  > sudo restorecon -R -v /var/www
  > ls -lZ /var/www/blah
  drwxr-xr-x  root root unconfined_u:object_r:httpd_sys_content_t:s0 cgi-bin/

Am I misinterpreting the semanage output above?  Is it possible that
the following line, which appears earlier in the semanage output, is overriding?
  /var/www(/.*)?      all files        system_u:object_r:httpd_sys_content_t:s0

httpd_sys_content_t is a customizable type and will be left alone by restorecon unless you use -F. This may change before much longer though, given that it's easier to manage file contexts using semanage than it was when customizable types were introduced.

Paul.

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
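
The skip-unless-`-F` behaviour described in the reply above, as a simplified shell model added here (not part of the original thread and not restorecon's own code). It compares only the type field and assumes the customizable list is at /etc/selinux/targeted/contexts/customizable_types; `page_case` replays the two contexts from the thread against a constructed one-entry list.

```shell
#!/bin/sh
# Simplified model of restorecon's relabel decision (added example).
# Assumption: only the type field matters; real restorecon has more rules.
CUSTOMIZABLE_TYPES=${CUSTOMIZABLE_TYPES:-/etc/selinux/targeted/contexts/customizable_types}

# Print the type (third field) of a context such as user:role:type:level.
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Succeed if TYPE appears, one per line, in the customizable-types file.
is_customizable() {
    grep -qxF -- "$1" "$CUSTOMIZABLE_TYPES" 2>/dev/null
}

# restorecon_verdict CURRENT_CONTEXT EXPECTED_CONTEXT [force]
# Prints one of: unchanged | skipped-customizable | relabel
restorecon_verdict() {
    rv_cur=$(context_type "$1")
    rv_exp=$(context_type "$2")
    if [ "$rv_cur" = "$rv_exp" ]; then
        echo unchanged
    elif [ "${3:-}" != "force" ] && is_customizable "$rv_cur"; then
        echo skipped-customizable   # current type is customizable, no -F
    else
        echo relabel
    fi
}

# The case from the thread. The one-line type list is constructed sample data.
page_case() {
    pc_tmp=$(mktemp) || return 1
    echo httpd_sys_content_t > "$pc_tmp"
    ( CUSTOMIZABLE_TYPES=$pc_tmp
      restorecon_verdict 'unconfined_u:object_r:httpd_sys_content_t:s0' \
          'system_u:object_r:httpd_sys_script_exec_t:s0' "${1:-}" )
    rm -f "$pc_tmp"
}

# On an SELinux host, pass paths as arguments to compare the live label
# (stat -c %C) with the label the policy expects (matchpathcon -n).
for path in "$@"; do
    current=$(stat -c %C -- "$path")
    expected=$(matchpathcon -n "$path")
    printf '%s: without -F: %s, with -F: %s\n' "$path" \
        "$(restorecon_verdict "$current" "$expected")" \
        "$(restorecon_verdict "$current" "$expected" force)"
done
```

`page_case` prints `skipped-customizable` and `page_case force` prints `relabel`, matching the `restorecon -R -v` result in the question and the `-F` remedy in the reply.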
