CGI permissions for targeted policy
Daniel J Walsh
dwalsh at redhat.com
Fri Apr 1 18:57:20 UTC 2005
Ben wrote:
> I have been having some problems with a CGI program, and audit2allow
> shows I should add these permissions:
>
> allow httpd_sys_script_t devpts_t:chr_file { read write };
> allow httpd_sys_script_t httpd_tmp_t:file getattr;
> allow httpd_sys_script_t httpd_tmp_t:file read;
>
> I'm pretty green at SELinux, so I'm not too sure what these allow. I
> suspect that the last rule lets httpd_sys_script_t programs read files
> of type httpd_tmp_t, and the second rule lets them stat() those files.
> What does the first rule mean, exactly? The CGI program I'm trying to
> run creates a random filename, and I expect this is related to that,
> but there ends my speculation.
>
The first error is the httpd script trying to access a terminal. The
other errors are httpd trying to read the tmp file. Is the tmp file
created by a builtin function (php)? And the a cgi script runs to read it?
Dan
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> http://www.redhat.com/mailman/listinfo/fedora-selinux-list
--
More information about the fedora-selinux-list
mailing list