Bruno Wolff III wrote:
I was making a modified version of the guest policy that needed to be able
to edit and run some Perl scripts that also are visible to the web server.
I used the manage_files macro and allowed execute, but I can't run the
script directly. But I can run it via perl.
For example:
[tomarndt@wolff area]$ ./newcheck.pl
-bash: ./newcheck.pl: /usr/bin/perl: bad interpreter: Permission denied
[tomarndt@wolff area]$ perl ./newcheck.pl
Ownership counts:
Ownership of games with owners owning less than 10 new games.
newcheck.pl starts with:
#!/usr/bin/perl
This is the modified policy for tom_t:
policy_module(tom,1.0.0)
########################################
#
# Declarations
#
userdom_restricted_user_template(tom)
require {
	type httpd_sys_content_t;
	type httpd_sys_script_exec_t;
	type postgresql_tmp_t;
	type postgresql_t;
}
########################################
#
# tom local policy
#
optional_policy(`
	qmail_per_role_template(tom,tom_t,tom_r)
')
manage_dirs_pattern(tom_t, httpd_sys_content_t, httpd_sys_content_t)
manage_files_pattern(tom_t, httpd_sys_content_t, httpd_sys_content_t)
manage_files_pattern(tom_t, httpd_sys_script_exec_t, httpd_sys_script_exec_t)
allow tom_t postgresql_tmp_t:sock_file write;
allow tom_t postgresql_t:unix_stream_socket connectto;
allow tom_t httpd_sys_script_exec_t:file execute;
--
fedora-selinux-list mailing list
fedora-selinux-list(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
getsebool -a | grep xgues
allow_xguest_exec_content --> off
xguest is not allowed by default to execute anything in its home dir.
Turning on this boolean should allow it.