Re: Which permission to execute a script?

Bruno Wolff III wrote:
> I was making a modified version of the guest policy that needed to be able
> to edit and run some perl scripts that also are visible to the web server.
> I used the manage_files macro and allowed execute, but I can't run the
> script directly. But I can run it via perl.
> 
> For example:
> 
> [tomarndt@wolff area]$ ./newcheck.pl
> -bash: ./newcheck.pl: /usr/bin/perl: bad interpreter: Permission denied
> [tomarndt@wolff area]$ perl ./newcheck.pl
> 
> Ownership counts:
> 
> Ownership of games with owners owning less than 10 new games.
> 
> newcheck.pl starts with:
> #!/usr/bin/perl
> 
> This is the modified policy for tom_t:
> 
> policy_module(tom,1.0.0)
> 
> ########################################
> #
> # Declarations
> #
> 
> userdom_restricted_user_template(tom)
> 
> require {
> 	type httpd_sys_content_t;
> 	type httpd_sys_script_exec_t;
> 	type postgresql_tmp_t;
> 	type postgresql_t;
> }
> 
> ########################################
> #
> # tom local policy
> #
> 
> 
> optional_policy(`
> 	qmail_per_role_template(tom,tom_t,tom_r)
> ')
> 
> manage_dirs_pattern(tom_t, httpd_sys_content_t, httpd_sys_content_t)
> manage_files_pattern(tom_t, httpd_sys_content_t, httpd_sys_content_t)
> manage_files_pattern(tom_t, httpd_sys_script_exec_t, httpd_sys_script_exec_t)
> 
> allow tom_t postgresql_tmp_t:sock_file write;
> allow tom_t postgresql_t:unix_stream_socket connectto;
> allow tom_t httpd_sys_script_exec_t:file execute;
> 
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

getsebool -a | grep xgues
allow_xguest_exec_content --> off

xguest is not allowed by default to execute anything in its home dir.
Turning on this boolean should allow it.