Which permission to execute a script?

I was making a modified version of the guest policy that needed to be able
to edit and run some perl scripts that also are visible to the web server.
I used the manage_files macro and allowed execute, but I can't run the
script directly. But I can run it via perl.

For example:

[tomarndt@wolff area]$ ./newcheck.pl
-bash: ./newcheck.pl: /usr/bin/perl: bad interpreter: Permission denied
[tomarndt@wolff area]$ perl ./newcheck.pl

Ownership counts:

Ownership of games with owners owning less than 10 new games.

newcheck.pl starts with:
#!/usr/bin/perl

This is the modified policy for tom_t:

policy_module(tom,1.0.0)

########################################
#
# Declarations
#

userdom_restricted_user_template(tom)

require {
	type httpd_sys_content_t;
	type httpd_sys_script_exec_t;
	type postgresql_tmp_t;
	type postgresql_t;
}

########################################
#
# tom local policy
#


optional_policy(`
	qmail_per_role_template(tom,tom_t,tom_r)
')

manage_dirs_pattern(tom_t, httpd_sys_content_t, httpd_sys_content_t)
manage_files_pattern(tom_t, httpd_sys_content_t, httpd_sys_content_t)
manage_files_pattern(tom_t, httpd_sys_script_exec_t, httpd_sys_script_exec_t)

allow tom_t postgresql_tmp_t:sock_file write;
allow tom_t postgresql_t:unix_stream_socket connectto;
allow tom_t httpd_sys_script_exec_t:file execute;

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
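
Added example (not part of the original post, and not code from the poster or the SELinux project): one way to see which permission a direct ./script.pl run is missing is to group the AVC denials logged for tom_t by target type and class. The audit records below are constructed samples, with placeholder path, pid, inode and SELinux user fields; they show a denial of execute_no_trans, the permission SELinux checks when a domain executes a file without a domain transition. The function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample audit records (not from the original post). The path,
# pid, inode and the user/role parts of each context are placeholders.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1200000000.101:41): avc:  denied  { execute_no_trans } for  pid=2301 comm="bash" path="/srv/example/newcheck.pl" dev=dm-0 ino=1001 scontext=user_u:tom_r:tom_t:s0 tcontext=system_u:object_r:httpd_sys_script_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1200000000.101:41): arch=40000003 syscall=11 success=no exit=-13 comm="bash"
type=AVC msg=audit(1200000000.202:42): avc:  denied  { read write } for  pid=1800 comm="httpd" name="scratch" dev=dm-0 ino=1002 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=file
type=AVC msg=audit(1200000000.303:43): avc:  denied  { execute_no_trans } for  pid=2307 comm="bash" path="/srv/example/newcheck.pl" dev=dm-0 ino=1001 scontext=user_u:tom_r:tom_t:s0 tcontext=system_u:object_r:httpd_sys_script_exec_t:s0 tclass=file
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)


def context_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]


def denied_permissions(log_text, source_type):
    """Map (target_type, class) -> set of permissions denied to source_type."""
    denied = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m or context_type(m["scon"]) != source_type:
            continue  # not an AVC denial, or a denial for another domain
        key = (context_type(m["tcon"]), m["tclass"])
        denied[key].update(m["perms"].split())
    return dict(denied)


def allow_rules(denied, source_type):
    """Render each denied group as a candidate allow rule for review."""
    return [
        f"allow {source_type} {ttype}:{tclass} {{ {' '.join(sorted(perms))} }};"
        for (ttype, tclass), perms in sorted(denied.items())
    ]


if __name__ == "__main__":
    for rule in allow_rules(denied_permissions(SAMPLE_AUDIT_LOG, "tom_t"), "tom_t"):
        print(rule)
```

Treat the printed rules as candidates to review against the policy, not as lines to paste in unchanged.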
