Big brother and httpd
Tom Diehl
tdiehl at rogueind.com
Sun Jun 26 12:42:18 UTC 2005
On Sun, 26 Jun 2005, Ivan Gyurdiev wrote:
> On Sun, 2005-06-26 at 01:13 -0400, James Z. Li wrote:
> > How did you relabel bb.html and bb2.html?
> > Did you change the apache.fc file to label the files and dirs
> > under /home/bb/bb/www, followed by "make load" and
> > then "setfiles" / "restorecon"?
>
>
> It should not be necessary to change policy to
> label httpd content, as this type is marked customizable
> (therefore it survives a restorecon).
>
> Can you check and make sure /home/bb/bb/www is marked
> httpd_*_content_t, and not user_home_t...
(pocono pts16) # la -Z /home/bb/bb/www
drwxr-xr-x bb bb root:object_r:httpd_sys_content_t .
drwxr-xr-x bb bb root:object_r:user_home_t ..
-rwxr-xr-x bb bb root:object_r:httpd_sys_content_t bb-ack.sh
-rwxr-xr-x bb bb root:object_r:httpd_sys_content_t bb-hist.sh
-rwxr-xr-x bb bb root:object_r:httpd_sys_content_t bb-histlog.sh
-rwxr-xr-x bb bb root:object_r:httpd_sys_content_t bb-hostsvc.sh
-rwxr-xr-x bb bb root:object_r:httpd_sys_content_t bb-rep.sh
-rwxr-xr-x bb bb root:object_r:httpd_sys_content_t bb-replog.sh
-rw-rw-r-- bb bb user_u:object_r:user_home_t bb.html
-rw-rw-r-- bb bb user_u:object_r:user_home_t bb2.html
drwxr-xr-x bb bb root:object_r:httpd_sys_content_t gifs
drwxr-xr-x bb bb root:object_r:httpd_sys_content_t help
drwxr-xr-x bb bb root:object_r:httpd_sys_content_t html
-rw-r--r-- bb bb root:object_r:httpd_sys_content_t index.html
drwxr-xr-x bb bb root:object_r:httpd_sys_content_t newbldg
drwxr-xr-x bb bb root:object_r:httpd_sys_content_t notes
drwxrwxr-x bb apache root:object_r:httpd_sys_content_t rep
drwxr-xr-x bb bb root:object_r:httpd_sys_content_t reynolds
drwxr-xr-x bb bb root:object_r:httpd_sys_content_t rogueind
drwxr-xr-x bb bb root:object_r:httpd_sys_content_t routers
drwxr-xr-x bb bb root:object_r:httpd_sys_content_t xo
(pocono pts16) #
The bb.html and bb2.html files are created every time bb polls the
machines (every 5 minutes). I have tried doing
chcon -t httpd_sys_content_t bb?.html on them but they always change back.
Do I have to do something with the bb daemon itself?
Here is how the binaries are labeled:
(pocono pts16) # la -Z /home/bb/bb/bin
drwxr-xr-x bb bb root:object_r:httpd_sys_content_t .
drwxr-xr-x bb bb root:object_r:user_home_t ..
-rwxr-xr-x bb bb root:object_r:httpd_sys_content_t bb
-rwxr-xr-x bb bb root:object_r:httpd_sys_content_t bb-combo.sh
-rwxr-xr-x bb bb root:object_r:httpd_sys_content_t bb-display.sh
-rwxr-xr-x bb bb root:object_r:httpd_sys_content_t bb-mailack.sh
-rwxr-xr-x bb bb root:object_r:httpd_sys_content_t bb-network.sh
-rwxr-xr-x bb bb root:object_r:httpd_sys_content_t bb-ping.sh
-rwxr-xr-x bb bb root:object_r:httpd_sys_content_t bbd
-rwxr-xr-x bb bb root:object_r:httpd_sys_content_t bbmv
-rwxr-xr-x bb bb root:object_r:httpd_sys_content_t bbmv.DIST
-rwxr-xr-x bb bb root:object_r:httpd_sys_content_t bbnet
-rwxr-xr-x bb bb root:object_r:httpd_sys_content_t bbprune
-rwxr-xr-x bb bb root:object_r:httpd_sys_content_t bbprune.DIST
-rwxr-xr-x bb bb root:object_r:httpd_sys_content_t bbrm
-rwxr-xr-x bb bb root:object_r:httpd_sys_content_t bbrm.DIST
-rwxr-xr-x bb bb root:object_r:httpd_sys_content_t bbrun
-rwxr-xr-x bb bb root:object_r:httpd_sys_content_t bbstat
-rwxr-xr-x bb bb root:object_r:httpd_sys_content_t dumphostsvc
-rwxr-xr-x bb bb root:object_r:httpd_sys_content_t getipaddr
-rwxr-xr-x bb bb root:object_r:httpd_sys_content_t getipaddr.sh
-rwxr-xr-x bb bb root:object_r:httpd_sys_content_t sendmsg
-rwxr-xr-x bb bb root:object_r:httpd_sys_content_t sendsms
-rwxr-xr-x bb bb root:object_r:httpd_sys_content_t touchtime
(pocono pts16) #
Regards,
Tom Diehl tdiehl at rogueind.com Spamtrap address mtd123 at rogueind.com
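
Added example, not part of the original message: a shell filter that reads a listing in the five-column format shown above (mode, user, group, context, name) and reports every entry whose SELinux type is not httpd_*_content_t, which is the check Ivan asks for. The function names and the sample lines are constructed for this example.

```shell
#!/bin/sh
# Added example: flag entries in an `ls -Z` style listing whose SELinux type
# is not httpd_*_content_t. Assumes the five-column layout from the message:
#   mode user group context name

# Reads a listing on stdin, prints "name<TAB>type" for each mismatch.
find_mislabeled() {
    awk '
        NF < 5 { next }                  # skip prompts and blank lines
        $1 !~ /^[-dlbcps]/ { next }      # skip lines that are not ls entries
        {
            name = $5
            for (i = 6; i <= NF; i++) name = name " " $i   # names with spaces
            if (name == "." || name == "..") next          # dir itself, parent
            n = split($4, ctx, ":")      # user:role:type[:level]
            if (n < 3) next
            if (ctx[3] !~ /^httpd_.*_content_t$/)
                printf "%s\t%s\n", name, ctx[3]
        }'
}

# Constructed sample in the format shown in the message.
sample_listing() {
    cat <<'EOF'
(pocono pts16) # la -Z /home/bb/bb/www
drwxr-xr-x bb bb root:object_r:httpd_sys_content_t .
drwxr-xr-x bb bb root:object_r:user_home_t ..
-rwxr-xr-x bb bb root:object_r:httpd_sys_content_t bb-ack.sh
-rw-rw-r-- bb bb user_u:object_r:user_home_t bb.html
-rw-rw-r-- bb bb user_u:object_r:user_home_t bb2.html
-rw-r--r-- bb bb root:object_r:httpd_sys_content_t index.html
EOF
}

sample_listing | find_mislabeled
```

Run from cron between polls, the same filter over a live listing shows whether the regenerated files come back with the wrong type each cycle.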