Using dyntransition to reduce privileges for Web application
Daniel J Walsh
dwalsh at redhat.com
Wed Feb 23 16:01:34 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 02/23/2011 12:44 AM, Scott Gifford wrote:
> On Wed, Feb 23, 2011 at 12:38 AM, Scott Gifford
> <sgifford at suspectclass.com <mailto:sgifford at suspectclass.com>> wrote:
>
> On Tue, Feb 22, 2011 at 9:00 AM, Daniel J Walsh <dwalsh at redhat.com
> <mailto:dwalsh at redhat.com>> wrote:
>
> On 02/21/2011 10:19 PM, Scott Gifford wrote:
>
> [ ... ]
>
> > Yeah, true, but I'm not sure how to cause them to have no category
> > either, apart from using setxattr.
> >
> I think if you do the file context correctly you can run
> restorecon -F
> to fix the label. If your CGI were in Code or python, you could use
> setfscreatecon, to set the label automatically.
>
>
> My code is in Perl,
>
>
> Also, are these the python bindings you're talking about above?
>
> http://sourceforge.net/projects/python-selinux/
>
>
> Those functions would be pretty easy for me to port to perl, if this
> would be useful to anybody else.
>
> -----Scott.
>
Yes that would be great or just fix up swig in libselinux to generate
perl bindings. We currently generate python and ruby bindings.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAk1lL14ACgkQrlYvE4MpobN/fACeJkicIuwbC7FRAuYUdLF9eCi4
9fwAn2pyOBjlpNYgvmk7+41qLeyVBmEm
=BedC
-----END PGP SIGNATURE-----
More information about the selinux
mailing list