Using dyntransition to reduce privileges for Web application
Scott Gifford
sgifford at suspectclass.com
Wed Feb 23 05:44:49 UTC 2011
On Wed, Feb 23, 2011 at 12:38 AM, Scott Gifford
<sgifford at suspectclass.com>wrote:
> On Tue, Feb 22, 2011 at 9:00 AM, Daniel J Walsh <dwalsh at redhat.com> wrote:
>
>> On 02/21/2011 10:19 PM, Scott Gifford wrote:
>>
> [ ... ]
>
>> > Yeah, true, but I'm not sure how to cause them to have no category
>> > either, apart from using setxattr.
>> >
>> I think if you do the file context correctly you can run restorecon -F
>> to fix the label. If your CGI were in Code or python, you could use
>> setfscreatecon, to set the label automatically.
>>
>
> My code is in Perl,
>
Also, are these the python bindings you're talking about above?
http://sourceforge.net/projects/python-selinux/
Those functions would be pretty easy for me to port to perl, if this would
be useful to anybody else.
-----Scott.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/selinux/attachments/20110223/7f4ffc88/attachment.html
More information about the selinux
mailing list