Apache Httpd, PHP, Smarty and SELinux
Ingemar Nilsson
init at kth.se
Wed Jul 30 18:19:36 UTC 2008

Daniel J Walsh wrote:
> sesearch does not give you attributes.

Attributes? Is there maybe some document explaining them that you can
point me to?

Actually it does give me attributes:

sesearch -a | grep -P '@ttr\d{4} @ttr\d{4}' | grep ' file '
allow @ttr0269 @ttr0360 : file { ioctl read write create getattr
setattr lock relabelfrom relabelto append unlink link rename execute
swapon quotaon mounton execute_no_trans entrypoint execmod };
allow @ttr1170 @ttr1669 : file { ioctl read write getattr lock
append };
allow @ttr0098 @ttr0115 : file { ioctl read write create getattr
setattr lock relabelfrom relabelto append unlink link rename execute
swapon quotaon mounton execute_no_trans entrypoint execmod };
allow @ttr0098 @ttr0359 : file { ioctl read write create getattr
setattr lock relabelfrom relabelto append unlink link rename execute
swapon quotaon mounton execute_no_trans entrypoint execmod };
allow @ttr0240 @ttr0078 : file { ioctl read write create getattr
setattr lock relabelfrom relabelto append unlink link rename execute
swapon quotaon mounton execute_no_trans entrypoint };
allow @ttr0240 @ttr0078 : file execmod ;

> Could be a line like the following
> allow @ttr1154 @ttr0504 : file { ioctl read write create getattr
> setattr lock append unlink link rename open };

Your exact line could not be found above, but you might have meant it as
an example?

> What is the context of the files that get created?

The files all get the context of the parent directory, that is
root:object_r:httpd_sys_content_t.

Regards
Ingemar
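
The comparison discussed in this message, as an added example that is not part of the original post: it parses allow rules in the format shown above, merges rules that are split across statements, and reports which permissions from the quoted example line each file rule lacks. The file rules in the sample are copied from the output above, the dir rule is constructed, and the function names are illustrative.

```python
import re

# Sample input: three statements copied from the output in the message
# (wrapped as the mail wrapped them) plus one constructed dir rule.
SAMPLE = """\
allow @ttr1170 @ttr1669 : file { ioctl read write getattr lock
append };
allow @ttr0240 @ttr0078 : file { ioctl read write create getattr
setattr lock relabelfrom relabelto append unlink link rename execute
swapon quotaon mounton execute_no_trans entrypoint };
allow @ttr0240 @ttr0078 : file execmod ;
allow @ttr0001 @ttr0002 : dir { search getattr };
"""

# Permission set from the example line quoted in the message.
WANTED = ("ioctl read write create getattr setattr lock append "
          "unlink link rename open").split()

# Matches both "class { perm perm };" and "class perm ;" forms.
RULE = re.compile(
    r"allow\s+(\S+)\s+(\S+)\s*:\s*(\S+)\s+(?:\{([^}]*)\}|(\S+))\s*;")


def parse_rules(text):
    """Return {(source, target, class): set(perms)}, merging split rules."""
    rules = {}
    # Collapse whitespace so a rule wrapped over several lines matches as one.
    flat = " ".join(text.split())
    for src, tgt, cls, braced, single in RULE.findall(flat):
        perms = set((braced or single).split())
        rules.setdefault((src, tgt, cls), set()).update(perms)
    return rules


def missing_perms(rules, cls, wanted):
    """For each rule of class `cls`, list the wanted permissions it lacks."""
    wanted = set(wanted)
    return {
        (src, tgt): sorted(wanted - perms)
        for (src, tgt, c), perms in rules.items()
        if c == cls
    }


if __name__ == "__main__":
    report = missing_perms(parse_rules(SAMPLE), "file", WANTED)
    for (src, tgt), lacking in report.items():
        print(src, tgt, "missing:", " ".join(lacking) or "nothing")
```
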
More information about the fedora-selinux-list mailing list