SELinux PHP setup, how ?
Kuang-Chun Cheng
kcc1967 at gmail.com
Sat Mar 1 09:49:31 UTC 2008
Hi,
I'm new to RH5.x/SELinux.
I have a simple PHP script which will call passthru() or exec() to
invoke "/bin/ls" or other external
commands to do some taskes. The SELinux (targeted policy) deny the
action by default.
Following the message in sealert which ask me to relabel /bin/ls
to allow httpd to invoke /bin/ls from my PHP (ls.php) ... well, it's OK ... but
I'm wondering if I can only limit invoking "/bin/ls" from ONLY my "ls.php".
So, other PHP still can't call exec() to invoke "/bin/ls".
Is this possible in targeted policy ?
Thanks
KC
More information about the fedora-selinux-list
mailing list