Re: F12: SeLinux reports illegal httpd access to .index files?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 03/05/2010 08:32 PM, Daniel B. Thurman wrote:

> 1) How did the label get set this way in the first place?

1. My bet is that some process created the file whilst the system was in
permissive mode.

This process does not have a rule defined for this action and defaulted
to the default label.

2. It could also be that some daemon that is currently unconfined due to
not having policy (fallback to initrc_t) created it. (see if any
processes run as initrc_t: ps auxZ | grep initrc_t)

3. Or some user application may have created it. By default users
operate in a unconfined user domain. Almost any app that a user executes
inherits this unconfined domain and is thus allowed (almost) full
access, and be able to create the file there.

I may be wrong though because i did not investigate the issue.


The big question:

What creates the object .index?



> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux


Attachment: signature.asc
Description: OpenPGP digital signature

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux