Using dyntransition to reduce privileges for Web application
Scott Gifford
sgifford at suspectclass.com
Wed Feb 23 05:38:30 UTC 2011
On Tue, Feb 22, 2011 at 9:00 AM, Daniel J Walsh <dwalsh at redhat.com> wrote:
> On 02/21/2011 10:19 PM, Scott Gifford wrote:
>
[ ... ]
> > Yeah, true, but I'm not sure how to cause them to have no category
> > either, apart from using setxattr.
> >
> I think if you do the file context correctly you can run restorecon -F
> to fix the label. If your CGI were in Code or python, you could use
> setfscreatecon, to set the label automatically.
>
My code is in Perl, so I just printed the NULL-terminated context name to:

    /proc/$$/attr/fscreate

It required that I give the process context setfscreate permission, like
this:

    allow httpd_ppi_portal_app_t self:process setfscreate;

Now it is working great, thanks!

-----Scott.
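
The approach described in this message, sketched in Perl as an added example that is not code from the original post or its author. The helper names, the file path and the context string are assumptions chosen for illustration, and the process domain needs the setfscreate permission shown above.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);

# Hypothetical helper: set the context the kernel gives to files this
# process creates next, or clear it again when $context is undef.
sub set_fscreate {
    my ($context) = @_;
    my $attr = "/proc/$$/attr/fscreate";    # path used in the post

    sysopen(my $fh, $attr, O_WRONLY) or die "open $attr: $!\n";
    # The context goes out NUL-terminated in a single write(2). A
    # zero-length write clears it, as libselinux setfscreatecon(NULL) does.
    my $buf = defined $context ? "$context\0" : '';
    my $n   = syswrite($fh, $buf, length $buf);
    die "write $attr: $!\n" unless defined $n && $n == length $buf;
    close($fh) or die "close $attr: $!\n";
    return;
}

# Hypothetical helper: create $path so it carries $context from the
# moment it exists, then restore default labeling for later files.
sub create_labeled {
    my ($path, $context) = @_;
    set_fscreate($context);
    my $ok  = sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_EXCL, 0640);
    my $err = "$!";
    set_fscreate(undef);    # clear even when the create failed
    die "create $path: $err\n" unless $ok;
    return $fh;
}

# Constructed sample values (path and type are placeholders, not from
# the post). The context ends in plain "s0", i.e. no category.
my $fh = create_labeled('/tmp/portal-upload.example',
                        'system_u:object_r:httpd_sys_rw_content_t:s0');
print {$fh} "example\n";
close($fh) or die "close: $!\n";
```

Clearing the attribute right after the create keeps the override from applying to unrelated files the same process creates later; `ls -Z` on the new file shows the resulting label.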