[NTLUG:Discuss] How to enforce SELinux type context (httpd_sys_content_t)
Rick Renshaw
bofh69 at yahoo.com
Thu Sep 25 10:57:37 CDT 2014
SELinux is a bit more complex than that. The enforcement also depends on the context that is trying to access the file. What context is your web server running under? `ps -Z` will show process contexts. What does your audit log (/var/log/audit/audit.log) show?
Basically what you want to end up with is your web server running in a context like system_u: httpd_sys_content_t. Then it won't be able to cross to the unconfined context on your error.html.
I'm traveling right now, so I can't really provide a better example. There is a lot of excellent documentation on how SELinux works; you should probably read some of that to understand how SELinux enforcement works.
Rick
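An added example, not part of the original message: one way to read the audit log mentioned above is to pull the source (process) and target (file) contexts out of each AVC denial and group them by type. The log records, the `httpd_t` and `user_home_t` types, and all function names here are constructed for illustration.

```python
import re

# Constructed sample audit.log records (not taken from the original thread).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1411660000.123:401): avc:  denied  { read } for  pid=2312 comm="httpd" name="error.html" dev="dm-0" ino=131 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1411660000.123:401): arch=c000003e syscall=2 success=no exit=-13 comm="httpd"
type=AVC msg=audit(1411660003.456:402): avc:  denied  { getattr open } for  pid=2312 comm="httpd" path="/var/www/html/error.html" dev="dm-0" ino=131 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?'
    r'comm="(?P<comm>[^"]*)".*?'
    r'scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)'
)

def split_context(ctx):
    """Split user:role:type[:level]; the MLS level may itself contain colons."""
    user, role, setype, level = (ctx.split(":", 3) + [""] * 4)[:4]
    return {"user": user, "role": role, "type": setype, "level": level}

def parse_denials(log_text):
    """Return one dict per AVC denial, skipping SYSCALL and other record types."""
    denials = []
    for line in log_text.splitlines():
        match = AVC_RE.search(line) if line.startswith("type=AVC") else None
        if match:
            denials.append({
                "comm": match.group("comm"),
                "perms": match.group("perms").split(),
                "source": split_context(match.group("scontext")),
                "target": split_context(match.group("tcontext")),
                "tclass": match.group("tclass"),
            })
    return denials

def summarize(denials):
    """Map (source type, target type, object class) to the set of denied permissions."""
    summary = {}
    for d in denials:
        key = (d["source"]["type"], d["target"]["type"], d["tclass"])
        summary.setdefault(key, set()).update(d["perms"])
    return summary

if __name__ == "__main__":
    for (src, tgt, cls), perms in summarize(parse_denials(SAMPLE_AUDIT_LOG)).items():
        print(f"{src} -> {tgt} ({cls}): denied {', '.join(sorted(perms))}")
```

Each output line pairs the process type from `scontext` with the file type from `tcontext`, which is the pair the policy decision is made on.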