Running httpd scripts from nfs mounts?
Stephen Smalley
sds at epoch.ncsc.mil
Thu Jan 27 16:52:13 UTC 2005
On Thu, 2005-01-27 at 11:25, John W. Lockhart wrote:
> Aha! It is indeed mounted nosuid:
> rw,nosuid,nodev,noatime,rsize=8192,wsize=8192,bg,intr,soft,context=system_u:object_r:httpd_sys_content_t
>
> Any other options I should or shouldn't have in there?
Not clear you want to just remove nosuid, as that obviously has other
security implications. If policy allowed httpd_t to set its exec
context, then you could use a wrapper script that just does a runcon -t
httpd_sys_script_t <realscript> to manually transition to the new
domain.
--
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
More information about the fedora-selinux-list
mailing list