SELinux Mailing List

unified_type patch for apache.
From: Daniel J Walsh <dwalsh_at_redhat.com>
Date: Tue, 19 Oct 2004 15:40:39 -0400
Comments? Dan
define(`apache_domain', `
-undefine(`apache_single_user')
+# This type is used for executable scripts files
+#
# Type that CGI scripts run as
# The following are the only areas that # scripts can read, read/write, or append to #+type httpd_$1_script_rw_t, file_type, httpdcontent, sysadmfile; +type httpd_$1_script_ra_t, file_type, httpdcontent, sysadmfile; file_type_auto_trans(httpd_$1_script_t, tmp_t, httpd_$1_script_rw_t) -type httpd_$1_script_ra_t, file_type, sysadmfile;
ifdef(`slocate.te', `
+if (unified_apache) { +create_dir_file(httpd_$1_script_t, httpdcontent) +} + +if (httpd_enable_cgi) && (unified_apache) { +ifelse($1, sys, ` +domain_auto_trans(httpd_t, httpdcontent, httpd_sys_script_t) +domain_auto_trans(httpd_suexec_t, httpdcontent, httpd_sys_script_t) +', ` +domain_auto_trans($1_t, httpdcontent, httpd_$1_script_t) +') +} + ifelse($1, sys, ` # # If a user starts a script by hand it gets the proper context @@ -130,7 +128,6 @@ role sysadm_r types httpd_$1_script_t; ', `
-ifdef(`single_userdomain', `', ` ######################################################################@@ -159,7 +156,6 @@
create_dir_file($1_t, { httpd_$1_script_ro_t httpd_$1_script_rw_t httpd_$1_script_ra_t })
allow $1_t { httpd_$1_script_ro_t httpd_$1_script_rw_t httpd_$1_script_ra_t }:{ file dir lnk_file } { relabelto relabelfrom };
# allow accessing files/dirs below the users home dir
if (httpd_enable_homedirs) {
#########################################allow httpd_$1_script_t httpd_log_t:file append;
-')dnl end apache_single_user ###############################################################################type http_port_t, port_type, reserved_port_type; +attribute httpdcontent; + +bool unified_apache false; + # Allow httpd cgi support bool httpd_enable_cgi false;
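Review bot: The "if (unified_apache)" block passes the whole httpdcontent attribute to create_dir_file(httpd_$1_script_t, httpdcontent) instead of the httpd_$1_script_* types of the instance being defined, so with the boolean on every script domain can create and write files of every type carrying that attribute. That includes httpd_$1_script_ra_t, which this patch now tags with httpdcontent, so the existing comment "The following are the only areas that scripts can read, read/write, or append to" no longer holds. The following "if (httpd_enable_cgi) && (unified_apache)" block then uses the same attribute as the executable type in domain_auto_trans, which means files a script domain can create are also accepted as entrypoints into that domain. If that is the intended trade-off for a unified type, state it in a comment and update the existing one; otherwise restrict both rules to the per-instance types.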
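Review bot: "bool unified_apache false;" at the end of the patch is added without a comment, while "bool httpd_enable_cgi false;" directly below it carries "# Allow httpd cgi support". Please add a one-line comment above the new boolean saying what turning it on grants (script write access to all httpdcontent and, together with httpd_enable_cgi, transitions on any httpdcontent file), since an administrator toggling it will only see the name. The added comment "# This type is used for executable scripts files" near the top also reads better as "executable script files".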
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |