05-28-2008, 01:33 AM
Jason L Tibbitts III

Confused about /var/www contexts

I'm trying to understand why, on an updated F8 machine with
selinux-policy-3.0.8-101.fc8.noarch and
selinux-policy-targeted-3.0.8-101.fc8.noarch, /var/www/blah/cgi-bin
doesn't end up as httpd_sys_script_exec_t.

semanage fcontext -l says (among many other lines, of course):
/var/www/[^/]*/cgi-bin(/.*)? all files system_u:object_r:httpd_sys_script_exec_t:s0

and yet:
> sudo restorecon -R -v /var/www
> ls -lZ /var/www/blah
drwxr-xr-x root root unconfined_u:object_r:httpd_sys_content_t:s0 cgi-bin/

Am I misinterpreting the semanage output above? Is it possible that
the following line, which appears earlier in the semanage output, is overriding?
/var/www(/.*)? all files system_u:object_r:httpd_sys_content_t:s0

- J<

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
05-28-2008, 07:59 AM
Paul Howarth

Confused about /var/www contexts

Jason L Tibbitts III wrote:

I'm trying to understand why, on an updated F8 machine with
selinux-policy-3.0.8-101.fc8.noarch and
selinux-policy-targeted-3.0.8-101.fc8.noarch, /var/www/blah/cgi-bin
doesn't end up as httpd_sys_script_exec_t.

semanage fcontext -l says (among many other lines, of course):
/var/www/[^/]*/cgi-bin(/.*)? all files system_u:object_r:httpd_sys_script_exec_t:s0

and yet:
> sudo restorecon -R -v /var/www
> ls -lZ /var/www/blah
drwxr-xr-x root root unconfined_u:object_r:httpd_sys_content_t:s0 cgi-bin/

Am I misinterpreting the semanage output above? Is it possible that
the following line, which appears earlier in the semanage output, is overriding?
/var/www(/.*)? all files system_u:object_r:httpd_sys_content_t:s0


httpd_sys_content_t is a customizable type and will be left alone by
restorecon unless you use -F. This may change before much longer though,
given that it's easier to manage file contexts using semanage than it
was when customizable types were introduced.


Paul.
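
The behaviour described in this reply, as a simplified model added here as an example (it is not part of the original thread and is not restorecon's own code). It assumes the last matching file-context entry wins and uses a constructed one-entry customizable types list; the function names are hypothetical.

```python
import re

# Constructed sample data modelled on the thread; not read from a live system.
# (regex, type) pairs in listing order: the last matching entry wins (assumption).
FILE_CONTEXTS = [
    (r"/var/www(/.*)?", "httpd_sys_content_t"),
    (r"/var/www/[^/]*/cgi-bin(/.*)?", "httpd_sys_script_exec_t"),
]
# Assumed excerpt of the policy's customizable types list.
CUSTOMIZABLE_TYPES = {"httpd_sys_content_t"}


def expected_type(path):
    """Type the policy assigns to path: scan entries from the end, first hit wins."""
    for pattern, setype in reversed(FILE_CONTEXTS):
        if re.fullmatch(pattern, path):
            return setype
    return None


def restorecon_decision(path, current_type, force=False):
    """Return (resulting_type, reason) for one file; force models the -F flag."""
    want = expected_type(path)
    if want is None:
        return current_type, "no matching file context"
    if want == current_type:
        return current_type, "already correct"
    # The check is on the type the file carries now, not on the target type.
    if current_type in CUSTOMIZABLE_TYPES and not force:
        return current_type, "skipped: current type is customizable"
    return want, "relabeled"


if __name__ == "__main__":
    path = "/var/www/blah/cgi-bin"
    print("policy expects:", expected_type(path))
    print("restorecon:    ", restorecon_decision(path, "httpd_sys_content_t"))
    print("restorecon -F: ", restorecon_decision(path, "httpd_sys_content_t", force=True))
```

On a real system, `matchpathcon /var/www/blah/cgi-bin` prints the context the policy expects for the path, which separates a pattern-matching problem from a skipped relabel.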
