one-script policy?
Daniel J Walsh
dwalsh at redhat.com
Fri Nov 8 18:25:27 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 11/08/2013 11:17 AM, m.roth at 5-cent.us wrote:
> We've got a server that, among other web things, is serving SVN. For one
> function, we have a cgi scipt that using sudo - my manager tells me it was
> the simplest way of dealing with certain complexities.
>
> Is there a way to create a local policy that would apply to that script
> *only*, not to everything apache's serving?
>
> CentOS 6.4
>
> mark
>
> -- selinux mailing list selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
Yes you could simply write a policy for that script.
Use sepolgen and create a cgi policy.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlJ9LJcACgkQrlYvE4MpobPHBACg2UeiWIAKKaaLYhVY6nLR14n/
yswAoLaP6aiFlNTGEN2MP5eTPoE6oa2G
=7neG
-----END PGP SIGNATURE-----
More information about the selinux
mailing list