On Thu, 2012-02-09 at 07:59 -0500, Edward Ned Harvey wrote: > The situation is this: I'm supporting a web hosting company who uses > drupal, and they're constantly adding & removing plugins via drush. > Since this is a non-OS-specific application, it doesn't know anything > about how it should set the context on files it creates. Fortunately, > (!) my client has been hacked before, so they're extremely cautious > when it comes to ignoring selinux practices. They are manually > changing the context of all these files, which is tedious. But at > least they're doing it. Given that it doesn't know the actual context it wants to use, perhaps it should just invoke restorecon on the files or use the selinux_lsetfilecon_default(3) API after creating them. That will look up the policy-specified context (from the file_contexts configuration) and apply it. -- Stephen Smalley National Security Agency -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
