On Mon, 2011-10-03 at 12:29 -0400, Scott Gifford wrote:
> PHP uploads files into a temporary directory, where they are given the
> label "httpd_tmp_t". When a PHP script processes them, it
> calls move_uploaded_file to move the newly uploaded file into its
> final location. This function does some validity checks, then does a
> rename(2) from the temporary location to the location passed to
> move_uploaded_file.

Your web app would need to copy the file instead.
Or why not make your app create the file in the final destination in the
first place, then rename it there?

> The problem is that after the rename, the file still retains its
> original label, "httpd_tmp_t". That makes it inconsistent with files
> and directories which weren't uploaded, and requires some policy
> gymnastics to take into account that anything that could have been
> uploaded might have the "httpd_tmp_t" type.
>
> I am wondering if there is some good way to automatically relabel this
> file when it is renamed?
>
> I would like for the PHP application to work on SELinux and
> non-SELinux systems, so I would prefer not to make calls out to
> SELinux-specific scripts and programs (like restorecon). What I would
> really like is some configuration option that would just relabel files
> according to their destination when they are rename(2)'d, but that may
> be asking too much. :-)

That is not practical because whatever moves the file might not be
allowed to relabelto the target location type.
So I do not think that this is feasible.

> Thanks for any advice,
>
> -----Scott.
--
selinux mailing list
selinux(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
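
The copy-then-rename approach suggested in the reply, written in PHP as an added example (not code from the thread). The function name and parameters are hypothetical; it assumes the destination directory is writable by the web server and relies on the default SELinux behaviour that a newly created file takes its type from the parent directory unless a type_transition rule says otherwise.

```php
<?php
// Added example: hypothetical helper, not from the original thread.
// Stores an upload by creating a new file inside the destination directory,
// so it is labeled like its neighbours, instead of rename(2)-ing the
// httpd_tmp_t temporary file into place. Uses no SELinux-specific calls.
function store_upload_by_copy(string $tmpPath, string $destDir, string $destName): string
{
    // Same source check that move_uploaded_file() performs.
    if (!is_uploaded_file($tmpPath)) {
        throw new RuntimeException('source is not an uploaded file');
    }
    // Strip any directory components from the client-supplied name.
    $destName = basename($destName);
    if ($destName === '' || $destName === '.' || $destName === '..') {
        throw new RuntimeException('invalid destination name');
    }
    $realDir = realpath($destDir);
    if ($realDir === false || !is_dir($realDir)) {
        throw new RuntimeException('destination directory does not exist');
    }
    // Create the staging file in the destination directory itself.
    // tempnam() silently falls back to the system temp directory when it
    // cannot write to $realDir, which would defeat the purpose, so verify.
    $staging = tempnam($realDir, 'upl');
    if ($staging === false || dirname(realpath($staging)) !== $realDir) {
        if ($staging !== false) {
            unlink($staging);
        }
        throw new RuntimeException('cannot create file in destination directory');
    }
    // The data lands in a file that was created in $realDir, not in a
    // renamed temporary file, so the temporary label never travels with it.
    if (!copy($tmpPath, $staging)) {
        unlink($staging);
        throw new RuntimeException('copy failed');
    }
    chmod($staging, 0644); // tempnam() creates the file with mode 0600
    // Rename within the same directory: atomic, and the label is already right.
    $final = $realDir . DIRECTORY_SEPARATOR . $destName;
    if (!rename($staging, $final)) {
        unlink($staging);
        throw new RuntimeException('rename failed');
    }
    unlink($tmpPath); // the copy left the temporary upload behind
    return $final;
}
// Usage (constructed): store_upload_by_copy($_FILES['f']['tmp_name'], '/path/to/uploads', $_FILES['f']['name']);
```

On a non-SELinux system the function behaves like an ordinary copy followed by an atomic rename, at the cost of writing the file contents a second time.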