Displaying 3 results from an estimated 3 matches for "base_ro_file_typ".
Did you mean:
base_ro_file_type
2018 Sep 10
1
Type enforcement / mechanism not clear
...scuss that all "etc_t" files can be read but why
>> sysctl.conf with "system_conf_t" type can be read where it shouldn't??
>>
>> Any pointer would be greatly appreciated.
>>
>
> We allow apache and all domains to read all of what we define as base_ro_file_type types.
>
> sesearch -A -s httpd_t -t system_conf_t -p read
> allow domain base_ro_file_type:dir { getattr ioctl lock open read search };
> allow domain base_ro_file_type:file { getattr ioctl lock open read };
> allow domain base_ro_file_type:lnk_file { getattr read };
> allow ht...
2018 Sep 09
3
Type enforcement / mechanism not clear
Am 09.09.2018 um 14:49 schrieb Daniel Walsh <dwalsh at redhat.com>:
>
> On 09/08/2018 09:50 PM, Leon Fauster via CentOS wrote:
>> Any SElinux expert here - briefly:
>>
>> # getenforce
>> Enforcing
>>
>> # sesearch -ACR -s httpd_t -c file -p read |grep system_conf_t
>> <no output>
>>
>> # sesearch -ACR -s httpd_t -c file
2018 Sep 09
0
Type enforcement / mechanism not clear
...; Any pointer would be greatly appreciated.
>
> --
> LF
>
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos
We allow apache and all domains to read all of what we define as
base_ro_file_type types.
sesearch -A -s httpd_t -t system_conf_t -p read
allow domain base_ro_file_type:dir { getattr ioctl lock open read search };
allow domain base_ro_file_type:file { getattr ioctl lock open read };
allow domain base_ro_file_type:lnk_file { getattr read };
allow httpd_t base_ro_file_type:file {...