On Mon, 2014-08-04 at 10:29 -0500, Jeremy Young wrote:
I understand that the files are mislabeled and am hoping for another
solution too. I can create that type, but am more concerned with this
being the default label assigned to that directory and all of its
contents. Should this be considered a bug in the latest policy? An
update to my policy and a filesystem relabel is what's set the context
to lib_t in the first place.
I'll try the label httpd_sys_script_exec_t and report my results.
It is a bug in the SELinux security policy. The file (s) is
inappropriately classified as being a library file.
That said, the show must go on, and one can make configuration changes
to fix this "bug". This is what SELinux is all about.
On Mon, Aug 4, 2014 at 9:43 AM, Dominick Grift
<dominick.grift(a)gmail.com> wrote:
On Mon, 2014-08-04 at 08:52 -0500, Jeremy Young wrote:
> Hi Dominick,
>
>
> Thank you for the quick answer! I noticed that too about
the files
> in /usr/lib/mailman/cgi-bin being apparently mislabeled, but
I don't
> have that label available to me.
Then you could try httpd_sys_script_exec_t instead or
preferably create
your own mailman-cgi-exec type
Your solution sets a non-optimal precedence. You are changing
the
meaning of the lib_t type.
--
Jeremy Young, M.S., RHCSA