selinux and wordpress, wordpress-mu

Toshio Kuratomi a.badger at gmail.com
Mon Mar 30 15:42:03 UTC 2009


Daniel J Walsh wrote:
> On 03/29/2009 12:15 PM, Ian Weller wrote:
>>    # semanage fcontext -a -t httpd_var_run_t '/usr/share/wordpress-mu'
>>    # semanage fcontext -a -t httpd_var_run_t
>> '/usr/share/wordpress-mu/wp-config.php'
>>    # semanage fcontext -a -t httpd_var_run_t
>> '/usr/share/wordpress-mu/wp-content(/.*)?'
> 
> How about
> 
> # semanage fcontext -a -t httpd_sys_script_exec_t
> '/usr/share/wordpress-mu/wp-config.php'


> # semanage fcontext -a -t httpd_sys_content_rw_t
> '/usr/share/wordpress-mu/wp-content(/.*)?'
> 

A program definitely should not be writing to the /usr/ hierarchy.  You
need to move those files elsewhere on the filesystem.  I'd move them to
/etc/wordpress-mu/wp-config.php and /var/lib/wordpress-mu/wp-content/.

If the directories are configurable or patchable in one place in the
source, then it's good to make this change there.  If not, you can do
what moinmoin does and use symlinks for wordpress to find the files.

-Toshio

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20090330/fab1f85e/attachment.sig>


More information about the fedora-devel-list mailing list