Relabeling PHP uploads when they are moved into place
PHP uploads files into a temporary directory, where they are given the label "httpd_tmp_t". *When a PHP script processes them, it calls*move_uploaded_file*to move the newly uploaded file into its final location. *This function does some validity checks, then does a rename(2) from the temporary location to the location passwd to move_uploaded_file.
The problem is that after the rename, the file still retains its original label, "httpd_tmp_t". *That makes it inconsistent with files and directories which weren't uploaded, and requires some policy gymnastics to take into account that anything that could have been uploaded might have the "httpd_tmp_t" type.
I am wondering if there is some good way to automatically relabel this file when it is renamed?
I would like for the PHP application to work on SELinux and non-SELinux systems, so I would prefer not to make calls out to SELinux-specific scripts and programs (like restorecon). *What I would really like is some configuration option that would just relabel files according to their destination when they are rename(2)'d, but that may be asking too much. *:-)
Thanks for any advice,
selinux mailing list