What should be the fcontext for a directory that contains cgi (or, in this case, ruby gems)?
mark
On 07/10/2014 11:25 AM, m.roth@5-cent.us wrote:
What should be the fcontext for a directory that contains cgi (or, in this case, ruby gems)?
mark
-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
httpd_sys_script_exec_t would probably be the right type.
On 07/14/2014 01:07 PM, Daniel J Walsh wrote:
On 07/10/2014 11:25 AM, m.roth@5-cent.us wrote:
What should be the fcontext for a directory that contains cgi (or, in this case, ruby gems)?
What is a path?
We have
/usr/share/gems/.*/Passenger.* -- gen_context(system_u:object_r:passenger_exec_t,s0) /usr/share/gems/.*/ApplicationPoolServerExecutable -- gen_context(system_u:object_r:passenger_exec_t,s0) /usr/lib/gems/.*/Passenger.* -- gen_context(system_u:object_r:passenger_exec_t,s0) /usr/lib/gems/.*/ApplicationPoolServerExecutable -- gen_context(system_u:object_r:passenger_exec_t,s0)
/usr/share/.*/gems/.*/helper-scripts/prespawn -- gen_context(system_u:object_r:passenger_exec_t,s0)
labeling in the policy.
mark
-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
httpd_sys_script_exec_t would probably be the right type.
-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
On 07/16/14 02:46, Miroslav Grepl wrote:
On 07/14/2014 01:07 PM, Daniel J Walsh wrote:
On 07/10/2014 11:25 AM, m.roth@5-cent.us wrote:
What should be the fcontext for a directory that contains cgi (or, in this case, ruby gems)?
What is a path?
We have
And we have all of our web stuff under an institutional path that is *not* /usr or /var/www.
mark
/usr/share/gems/.*/Passenger.* -- gen_context(system_u:object_r:passenger_exec_t,s0) /usr/share/gems/.*/ApplicationPoolServerExecutable -- gen_context(system_u:object_r:passenger_exec_t,s0) /usr/lib/gems/.*/Passenger.* -- gen_context(system_u:object_r:passenger_exec_t,s0) /usr/lib/gems/.*/ApplicationPoolServerExecutable -- gen_context(system_u:object_r:passenger_exec_t,s0)
/usr/share/.*/gems/.*/helper-scripts/prespawn -- gen_context(system_u:object_r:passenger_exec_t,s0)
labeling in the policy.
mark
-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
httpd_sys_script_exec_t would probably be the right type.
-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
selinux@lists.fedoraproject.org