-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 07/16/2013 10:11 AM, m.roth(a)5-cent.us wrote:
Before I create a local policy, could someone explain to me the
reason that
the standard policy (CentOS 6.4,
selinux-policy-3.7.19-195.el6_4.12.noarch,
selinux-policy-targeted-3.7.19-195.el6_4.12.noarch) does not allow a .cgi
script to read a configuration file?
grep ticket2 /var/log/audit/audit.log | audit2allow
#============= httpd_sys_script_t ============== allow httpd_sys_script_t
httpd_config_t:file { read ioctl open getattr };
mark
-- selinux mailing list selinux(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
Probably because no one has asked. I guess you could argue their could be
private data in these files and we would not want to allow cgi scripts to read
it? Potentially secrets.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird -
http://www.enigmail.net/
iEYEARECAAYFAlHlXtQACgkQrlYvE4MpobOocwCeLZcAfMkbYdFcCZYG1TCClcb2
fy8AniyDj2psX5YZLPRYcHrmFYvMYcBJ
=ryJK
-----END PGP SIGNATURE-----