Transitions for files.
Daniel J Walsh
dwalsh at redhat.com
Mon Oct 18 15:23:23 UTC 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 10/18/2010 11:07 AM, Vadym Chepkov wrote:
> On Mon, Oct 18, 2010 at 10:52 AM, Daniel J Walsh <dwalsh at redhat.com> wrote:
>> Can you find the code that is doing the mv and add a restorecon, or
>> change it to a cp followed by a rm.
>
> And grant mediawiki permissions to run restorecon, gee, I am not sure of this.
> So the only way is to change the code?
> Will try to open ticket with mediawiki then.
>
> Thanks,
> Vadym
> --
> selinux mailing list
> selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
Letting code run restorecon without a transition means does not give the
code added priv. You can specify the labels that mediawiki can relabel
between. I would prefer mediawiki to not use /tmp at all, but to use a
directory that is not usable by users. Say create a subdir of the final
dir or create the files with an extension before renaming.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAky8ZmsACgkQrlYvE4MpobNP1QCg4dXRGdCXfajjpOssCNMjkTSL
l7cAn0Fa2IVSeYD4jA9kzZGoci50SsKP
=LuHc
-----END PGP SIGNATURE-----
More information about the selinux
mailing list