On Mon, 2014-08-04 at 10:29 -0500, Jeremy Young wrote: > I understand that the files are mislabeled and am hoping for another > solution too. I can create that type, but am more concerned with this > being the default label assigned to that directory and all of its > contents. Should this be considered a bug in the latest policy? An > update to my policy and a filesystem relabel is what's set the context > to lib_t in the first place. > > > I'll try the label httpd_sys_script_exec_t and report my results. > > It is a bug in the SELinux security policy. The file (s) is inappropriately classified as being a library file. That said, the show must go on, and one can make configuration changes to fix this "bug". This is what SELinux is all about. > On Mon, Aug 4, 2014 at 9:43 AM, Dominick Grift > <dominick.grift@xxxxxxxxx> wrote: > On Mon, 2014-08-04 at 08:52 -0500, Jeremy Young wrote: > > Hi Dominick, > > > > > > Thank you for the quick answer! I noticed that too about > the files > > in /usr/lib/mailman/cgi-bin being apparently mislabeled, but > I don't > > have that label available to me. > > Then you could try httpd_sys_script_exec_t instead or > preferably create > your own mailman-cgi-exec type > > Your solution sets a non-optimal precedence. You are changing > the > meaning of the lib_t type. > > > > > > > > -- > Jeremy Young, M.S., RHCSA > -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
