CGI permissions for targeted policy
Ben
bench at silentmedia.com
Fri Apr 1 03:06:55 UTC 2005
I have been having some problems with a CGI program, and audit2allow
shows I should add these permissions:
allow httpd_sys_script_t devpts_t:chr_file { read write };
allow httpd_sys_script_t httpd_tmp_t:file getattr;
allow httpd_sys_script_t httpd_tmp_t:file read;
I'm pretty green at SELinux, so I'm not too sure what these allow. I
suspect that the last rule lets httpd_sys_script_t programs read files
of type httpd_tmp_t, and the second rule lets them stat() those files.
What does the first rule mean, exactly? The CGI program I'm trying to
run creates a random filename, and I expect this is related to that,
but there ends my speculation.
More information about the fedora-selinux-list
mailing list