Hi,
I'm new to RH5.x/SELinux.
I have a simple PHP script which will call passthru() or exec() to
invoke "/bin/ls" or other external
commands to do some taskes. The SELinux (targeted policy) deny the
action by default.
Following the message in sealert which ask me to relabel /bin/ls
to allow httpd to invoke /bin/ls from my PHP (ls.php) ... well, it's OK ... but
I'm wondering if I can only limit invoking "/bin/ls" from ONLY my
"ls.php".
So, other PHP still can't call exec() to invoke "/bin/ls".
Is this possible in targeted policy ?
Thanks
KC
Show replies by date