risk of losing httpd_user_script_exec_t labels?
Erik Sjölund
erik.sjolund at gmail.com
Tue Feb 14 13:10:17 UTC 2006
If I inactivate httpd_unified and start using httpd_user_script_exec_t
and httpd_user_script_rw_t in /home/erik/public_html, will those
labels get lost (i.e reverted to httpd_user_content_t ) if I run
"/sbin/fixfiles relabel"?
What I'm more concerned of is if a
"yum update selinux-policy-targeted"
could force a relabeling and therefore loss of httpd_user_script_rw_t labels?
A quick test shows that /sbin/restorecon converts httpd_user_script_rw_t to
httpd_user_content_t.
Though, I haven't tried "sbin/fixfiles relabel" yet.
[erik at www ~]$ cd ~/public_html
[erik at www public_html]$ chcon user_u:object_r:httpd_user_script_exec_t
script.cgi
[erik at www public_html]$ ls -lZ script.cgi
-rwxr-xr-x erik others user_u:object_r:httpd_user_script_exec_t script.cgi
[erik at www public_html]$ /sbin/restorecon script.cgi
[erik at www public_html]$ ls -lZ script.cgi
-rwxr-xr-x erik others system_u:object_r:httpd_user_content_t script.cgi
[erik at www public_html]$ /usr/sbin/getsebool -a | grep unifi
httpd_unified --> inactive
cheers,
Erik Sjölund
More information about the fedora-selinux-list
mailing list