|
|
| [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] |
On Thu, 2012-02-09 at 07:59 -0500, Edward Ned Harvey wrote: > The situation is this: I'm supporting a web hosting company who uses > drupal, and they're constantly adding & removing plugins via drush. > Since this is a non-OS-specific application, it doesn't know anything > about how it should set the context on files it creates. Fortunately, > (!) my client has been hacked before, so they're extremely cautious > when it comes to ignoring selinux practices. They are manually > changing the context of all these files, which is tedious. But at > least they're doing it. Given that it doesn't know the actual context it wants to use, perhaps it should just invoke restorecon on the files or use the selinux_lsetfilecon_default(3) API after creating them. That will look up the policy-specified context (from the file_contexts configuration) and apply it. -- Stephen Smalley National Security Agency -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
[Fedora Users] [Fedora Legacy] [Fedora Desktop] [Big List of Linux Books] [Yosemite Photos] [Yosemite News] [Yosemite Campsites] [KDE Users] [Gnome Users]
