Big brother and httpd

Tom Diehl tdiehl at rogueind.com
Sun Jun 26 12:42:18 UTC 2005


On Sun, 26 Jun 2005, Ivan Gyurdiev wrote:

> On Sun, 2005-06-26 at 01:13 -0400, James Z. Li wrote:
> > How did you relabel bb.html and bb2.html?
> > Did you change the apache.fc file to label the files and dirs 
> > under /home/bb/bb/www, followed by "make load" and 
> > then "setfiles" / "restorecon"?
> 
> 
> It should not be necessary to change policy to 
> label httpd content, as this type is marked customizable
> (therefore it survives a restorecon).
> 
> Can you check and make sure /home/bb/bb/www is marked
> httpd_*_content_t, and not user_home_t...

(pocono pts16) # la -Z /home/bb/bb/www
drwxr-xr-x  bb       bb       root:object_r:httpd_sys_content_t .
drwxr-xr-x  bb       bb       root:object_r:user_home_t        ..
-rwxr-xr-x  bb       bb       root:object_r:httpd_sys_content_t bb-ack.sh
-rwxr-xr-x  bb       bb       root:object_r:httpd_sys_content_t bb-hist.sh
-rwxr-xr-x  bb       bb       root:object_r:httpd_sys_content_t bb-histlog.sh
-rwxr-xr-x  bb       bb       root:object_r:httpd_sys_content_t bb-hostsvc.sh
-rwxr-xr-x  bb       bb       root:object_r:httpd_sys_content_t bb-rep.sh
-rwxr-xr-x  bb       bb       root:object_r:httpd_sys_content_t bb-replog.sh
-rw-rw-r--  bb       bb       user_u:object_r:user_home_t      bb.html
-rw-rw-r--  bb       bb       user_u:object_r:user_home_t      bb2.html
drwxr-xr-x  bb       bb       root:object_r:httpd_sys_content_t gifs
drwxr-xr-x  bb       bb       root:object_r:httpd_sys_content_t help
drwxr-xr-x  bb       bb       root:object_r:httpd_sys_content_t html
-rw-r--r--  bb       bb       root:object_r:httpd_sys_content_t index.html
drwxr-xr-x  bb       bb       root:object_r:httpd_sys_content_t newbldg
drwxr-xr-x  bb       bb       root:object_r:httpd_sys_content_t notes
drwxrwxr-x  bb       apache   root:object_r:httpd_sys_content_t rep
drwxr-xr-x  bb       bb       root:object_r:httpd_sys_content_t reynolds
drwxr-xr-x  bb       bb       root:object_r:httpd_sys_content_t rogueind
drwxr-xr-x  bb       bb       root:object_r:httpd_sys_content_t routers
drwxr-xr-x  bb       bb       root:object_r:httpd_sys_content_t xo
(pocono pts16) #

The bb.html and bb2.html files are created every time bb polls the
machines (every 5 minutes). I have tried doing 
chcon -t httpd_sys_content_t bb?.html on them but they always change back.

Do I have to do something with the bb daemon itself?

Here is how the binaries are labeled:

(pocono pts16) # la -Z /home/bb/bb/bin
drwxr-xr-x  bb       bb       root:object_r:httpd_sys_content_t .
drwxr-xr-x  bb       bb       root:object_r:user_home_t        ..
-rwxr-xr-x  bb       bb       root:object_r:httpd_sys_content_t bb
-rwxr-xr-x  bb       bb       root:object_r:httpd_sys_content_t bb-combo.sh
-rwxr-xr-x  bb       bb       root:object_r:httpd_sys_content_t bb-display.sh
-rwxr-xr-x  bb       bb       root:object_r:httpd_sys_content_t bb-mailack.sh
-rwxr-xr-x  bb       bb       root:object_r:httpd_sys_content_t bb-network.sh
-rwxr-xr-x  bb       bb       root:object_r:httpd_sys_content_t bb-ping.sh
-rwxr-xr-x  bb       bb       root:object_r:httpd_sys_content_t bbd
-rwxr-xr-x  bb       bb       root:object_r:httpd_sys_content_t bbmv
-rwxr-xr-x  bb       bb       root:object_r:httpd_sys_content_t bbmv.DIST
-rwxr-xr-x  bb       bb       root:object_r:httpd_sys_content_t bbnet
-rwxr-xr-x  bb       bb       root:object_r:httpd_sys_content_t bbprune
-rwxr-xr-x  bb       bb       root:object_r:httpd_sys_content_t bbprune.DIST
-rwxr-xr-x  bb       bb       root:object_r:httpd_sys_content_t bbrm
-rwxr-xr-x  bb       bb       root:object_r:httpd_sys_content_t bbrm.DIST
-rwxr-xr-x  bb       bb       root:object_r:httpd_sys_content_t bbrun
-rwxr-xr-x  bb       bb       root:object_r:httpd_sys_content_t bbstat
-rwxr-xr-x  bb       bb       root:object_r:httpd_sys_content_t dumphostsvc
-rwxr-xr-x  bb       bb       root:object_r:httpd_sys_content_t getipaddr
-rwxr-xr-x  bb       bb       root:object_r:httpd_sys_content_t getipaddr.sh
-rwxr-xr-x  bb       bb       root:object_r:httpd_sys_content_t sendmsg
-rwxr-xr-x  bb       bb       root:object_r:httpd_sys_content_t sendsms
-rwxr-xr-x  bb       bb       root:object_r:httpd_sys_content_t touchtime
(pocono pts16) #

Regards,

Tom Diehl		tdiehl at rogueind.com		Spamtrap address mtd123 at rogueind.com
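
Added example (not part of the original message): a shell check that reads a listing in the five-column format shown above and reports entries whose SELinux type differs from the type of the directory itself, which is how bb.html and bb2.html stand out. The function names and the embedded sample are constructed for illustration; file names containing whitespace are not handled.

```shell
#!/bin/sh
# Added example: compare each entry's SELinux type with the type of the
# directory itself (the "." entry) in an `ls -aZ`-style listing.
# Assumed column layout, as in the message: mode user group user:role:type name

label_drift() {
    awk '
        # Keep only listing rows: five columns, fourth one a security context.
        NF != 5 || $4 !~ /:.*:/ { next }
        {
            split($4, ctx, ":")               # ctx[3] is the type
            if ($5 == ".")  { want = ctx[3]; next }
            if ($5 == "..") { next }          # parent is not part of the tree
            name[++n] = $5; type[n] = ctx[3]
        }
        END {
            if (want == "") exit 2            # no "." row: nothing to compare to
            for (i = 1; i <= n; i++)
                if (type[i] != want)
                    printf "%s %s (expected %s)\n", name[i], type[i], want
        }
    '
}

# Constructed sample: prompt line plus a few rows copied from the listing above.
sample_listing() {
    cat <<'EOF'
(pocono pts16) # la -Z /home/bb/bb/www
drwxr-xr-x  bb       bb       root:object_r:httpd_sys_content_t .
drwxr-xr-x  bb       bb       root:object_r:user_home_t        ..
-rwxr-xr-x  bb       bb       root:object_r:httpd_sys_content_t bb-ack.sh
-rw-rw-r--  bb       bb       user_u:object_r:user_home_t      bb.html
-rw-rw-r--  bb       bb       user_u:object_r:user_home_t      bb2.html
-rw-r--r--  bb       bb       root:object_r:httpd_sys_content_t index.html
EOF
}

sample_listing | label_drift
```

Run from cron at the same interval as the poll, a check like this shows whether the label reverts on every regeneration of the files.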



