Daniel J Walsh wrote:
> sesearch does not give you attributes.
Attributes? Is there maybe some document explaining them that you can
point me to?
Actually it does give me attributes:
sesearch -a | grep -P '@ttr\d{4} @ttr\d{4}' | grep ' file '
allow @ttr0269 @ttr0360 : file { ioctl read write create getattr
setattr lock relabelfrom relabelto append unlink link rename execute
swapon quotaon mounton execute_no_trans entrypoint execmod };
allow @ttr1170 @ttr1669 : file { ioctl read write getattr lock
append };
allow @ttr0098 @ttr0115 : file { ioctl read write create getattr
setattr lock relabelfrom relabelto append unlink link rename execute
swapon quotaon mounton execute_no_trans entrypoint execmod };
allow @ttr0098 @ttr0359 : file { ioctl read write create getattr
setattr lock relabelfrom relabelto append unlink link rename execute
swapon quotaon mounton execute_no_trans entrypoint execmod };
allow @ttr0240 @ttr0078 : file { ioctl read write create getattr
setattr lock relabelfrom relabelto append unlink link rename execute
swapon quotaon mounton execute_no_trans entrypoint };
allow @ttr0240 @ttr0078 : file execmod ;
> Could be a line like the following
> allow @ttr1154 @ttr0504 : file { ioctl read write create getattr
> setattr lock append unlink link rename open };
Your exact line could not be found above, but you might have meant it as
an example?
> What is the context of the files that get created?
The files all get the context of the parent directory, that is
root:object_r:httpd_sys_content_t.
Regards
Ingemar
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list