Hello list,
I am analyzing an HTTPd server working with SELinux in permissive mode before I enforce it. The problem I've seen so far begins when the .html and .php files get uploaded by the person in charge and they are labeled as "system_u:object_r:default_t" and the label needs to be "user_u:system_r:httpd_t".
The resulting error:
avc: denied { getattr } for pid=8244 comm="httpd" name="/" dev=hda5 ino=2 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:default_t tclass=dir
I added that folder to be labeled as "user_u:system_r:httpd_t" in "/etc/selinux/targeted/src/policy/file_contexts/file_contexts" to relabel it with "fixfiles restore" (and it works), but it's not practical to relabel everything every time that user uploads a webpage.
What should I do? My knowledge goes as far as labeling. Do I need to set roles, or should I follow audit2allow's advice for now? It would just be cool to autolabel every file uploaded by that user as "user_u:system_r:httpd_t".
Thanks,
Hugo Martin