mediawiki AVC

Hello,

The MediaWiki software has the following script; ImageMagick gets invoked using it:

$ cat /var/www/mediawiki/bin/ulimit4.sh 
#!/bin/bash

ulimit -t $1 -v $2 -f $3
eval "$4"


I added 
/var/www/mediawiki/bin/.*                          regular file       system_u:object_r:httpd_sys_script_exec_t:s0

into local policy. I receive the following AVC denial:

type=AVC msg=audit(1236789583.906:576443): avc:  denied  { read } for  pid=22724 comm="ulimit4.sh" path="eventpoll:[10101538]" dev=eventpollfs ino=10101538 scontext=user_u:system_r:httpd_sys_script_t:s0 tcontext=user_u:system_r:httpd_t:s0 tclass=file

audit2allow suggests the following:

allow httpd_sys_script_t httpd_t:file read;

but it doesn't seem right to me. I don't want to make it httpd_unconfined_script_exec_t. Does anyone have a better suggestion?
Thank you.

Sincerely yours,
  Vadym Chepkov

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
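
An added example (not part of the original post, and not audit2allow's own code): a small parser for the denial quoted above. It shows which fields of the record produce the suggested rule, and that the denied object is an eventpoll pseudo-file labelled httpd_t rather than a file under /var/www. The function names and the path heuristic are assumptions made for illustration.

```python
import re

# The AVC record exactly as quoted in the message above.
AVC = ('type=AVC msg=audit(1236789583.906:576443): avc:  denied  { read } for  '
       'pid=22724 comm="ulimit4.sh" path="eventpoll:[10101538]" dev=eventpollfs '
       'ino=10101538 scontext=user_u:system_r:httpd_sys_script_t:s0 '
       'tcontext=user_u:system_r:httpd_t:s0 tclass=file')


def parse_avc(line):
    """Split one AVC record into its permission list and key=value fields."""
    m = re.search(r'avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)', line)
    if not m:
        raise ValueError("not an AVC record")
    pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', m.group(3))
    rec = {key: value.strip('"') for key, value in pairs}
    rec["result"] = m.group(1)
    rec["perms"] = m.group(2).split()
    return rec


def context_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]


def allow_rule(rec):
    """Rebuild the rule implied by the record: source type, target type, class, perms."""
    perms = rec["perms"]
    perm_str = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return "allow {} {}:{} {};".format(context_type(rec["scontext"]),
                                       context_type(rec["tcontext"]),
                                       rec["tclass"], perm_str)


def object_kind(rec):
    """Heuristic (assumption): a path of the form name:[inode] has no pathname
    on a mounted directory tree, so file-context entries cannot relabel it."""
    if re.fullmatch(r'\w+:\[\d+\]', rec.get("path", "")):
        return "no-pathname object on " + rec.get("dev", "unknown")
    return "filesystem path"


if __name__ == "__main__":
    record = parse_avc(AVC)
    print(record["comm"], "->", object_kind(record))
    print(allow_rule(record))
```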
