Big brother and httpd
Daniel J Walsh
dwalsh at redhat.com
Mon Jun 27 11:34:46 UTC 2005
Russell Coker wrote:
>On Sunday 26 June 2005 22:42, Tom Diehl <tdiehl at rogueind.com> wrote:
>
>
>>>Can you check and make sure /home/bb/bb/www is marked
>>>httpd_*_content_t, and not user_home_t...
>>>
>>>
>>(pocono pts16) # la -Z /home/bb/bb/www
>>drwxr-xr-x bb bb root:object_r:httpd_sys_content_t .
>>drwxr-xr-x bb bb root:object_r:user_home_t ..
>>
>>
>[...]
>
>
>>The bb.html and bb2.html files are created every time bb polls the
>>machines (every 5 minutes). I have tried doing
>>chcon -t httpd_sys_content_t bb?.html on them but they always change back.
>>
>>
>
>Those files are apparently created somewhere else, maybe /home/bb/bb? Maybe
>if you run your chcon -R operation on /home/bb the results will be better.
>
>A change to bb might help. You could either have it create the files in an
>appropriate directory that has the desired label or have it chcon them after
>creation (but before moving). How is the bb program run? Is it a daemon or
>a cron job?
>
>There has been some work on getting NAGIOS running under SE Linux. It seems
>that NAGIOS is the leading product in this area.
>
>
>
Can you change the program to cp the files rather than mv them? That
would allow it to get the
right context.
--
More information about the fedora-selinux-list
mailing list