Displaying 4 results from an estimated 4 matches for "base_ro_fil".
2018 Sep 09
3
Type enforcement / mechanism not clear
On 09.09.2018 at 14:49, Daniel Walsh <dwalsh at redhat.com> wrote:
>
> On 09/08/2018 09:50 PM, Leon Fauster via CentOS wrote:
>> Any SELinux expert here - briefly:
>>
>> # getenforce
>> Enforcing
>>
>> # sesearch -ACR -s httpd_t -c file -p read |grep system_conf_t
>> <no output>
>>
>> # sesearch -ACR -s httpd_t -c file
2018 Sep 09
1
Type enforcement / mechanism not clear
On 09/09/2018 07:19 AM, Daniel Walsh wrote:
> sesearch -A -s httpd_t -t system_conf_t -p read
>
> If you feel that these files should not be part of the base_ro_files
> then we should open that for discussion.
I think the question was how users would know that the policy allowed
access, as he was printing rules affecting httpd_t's file read access,
and looking for system_conf_t in the output. I'm not sure if
base_ro_files is an alias, or if t...
2018 Sep 10
1
Type enforcement / mechanism not clear
...scuss that all "etc_t" files can be read but why
>> sysctl.conf with "system_conf_t" type can be read where it shouldn't??
>>
>> Any pointer would be greatly appreciated.
>>
>
> We allow apache and all domains to read all of what we define as base_ro_file_type types.
>
> sesearch -A -s httpd_t -t system_conf_t -p read
> allow domain base_ro_file_type:dir { getattr ioctl lock open read search };
> allow domain base_ro_file_type:file { getattr ioctl lock open read };
> allow domain base_ro_file_type:lnk_file { getattr read };
> all...
2018 Sep 09
0
Type enforcement / mechanism not clear
... Any pointer would be greatly appreciated.
>
> --
> LF
>
>
We allow apache and all domains to read all of what we define as
base_ro_file_type types.
sesearch -A -s httpd_t -t system_conf_t -p read
allow domain base_ro_file_type:dir { getattr ioctl lock open read search };
allow domain base_ro_file_type:file { getattr ioctl lock open read };
allow domain base_ro_file_type:lnk_file { getattr read };
allow httpd_t base_ro_file_type:f...