avoid script changing security context

Posted: 2015/11/18 13:46:01
by Skylla

I have a brand new CentOS 7 installation. I'm also new to SELinux.
I'm not new to Linux, have been running Gentoo/Arch on desktop for years.

I've added the following to /etc/selinux/targeted/contexts/files/file_contexts.local

Code:

/home/user/request(/.*)* system_u:object_r:httpd_sys_content_rw_t:ts0
/home/user/files(/.*)*   system_u:object_r:httpd_sys_content_rw_t:ts0

I also have a cronjob running as the user apache:

Code:

9 1 * * * runcon -t httpd_sys_rw_content_t -r object_r -u system_u  /home/user/ > /dev/null

The runcon part is necessary to prevent the script from changing the security context for the files under /home/user/request/.

Is there a more generic way to ensure that the script is run in the right context, so that it will not change the context of the files that it touches?

(or change them into the right context if necessary)
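
An added example, not part of the original post: a small offline lint in Python that parses the file_contexts.local entries and the runcon line quoted above (embedded as constructed sample input) and reports context fields that do not have the expected user:role:type:range shape. The function names are hypothetical, and the check is purely textual; it does not consult the loaded policy.

```python
import re
import shlex

# Constructed sample input: the lines quoted in the post above, verbatim.
FILE_CONTEXTS_LOCAL = """\
/home/user/request(/.*)* system_u:object_r:httpd_sys_content_rw_t:ts0
/home/user/files(/.*)*   system_u:object_r:httpd_sys_content_rw_t:ts0
"""
RUNCON_LINE = "runcon -t httpd_sys_rw_content_t -r object_r -u system_u  /home/user/"

# MLS/MCS range such as s0, s0-s15 or s0-s0:c0.c1023
LEVEL = r"s\d+(?::c\d+(?:[.,]c\d+)*)?"
RANGE_RE = re.compile(rf"{LEVEL}(?:-{LEVEL})?")

def parse_entries(text):
    """Yield (line_no, path_regex, context_fields) for each labelling entry."""
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#") or fields[-1] == "<<none>>":
            continue
        # Entry layout: path_regex [-file_type] user:role:type[:range]
        yield n, fields[0], fields[-1].split(":", 3)

def lint_file_contexts(text):
    """Return (line_no, field, value) for each context field that looks wrong."""
    findings = []
    for n, _path, ctx in parse_entries(text):
        if len(ctx) < 3:
            findings.append((n, "context", ":".join(ctx)))
            continue
        if ctx[1] != "object_r":          # files always carry role object_r
            findings.append((n, "role", ctx[1]))
        if len(ctx) == 4 and not RANGE_RE.fullmatch(ctx[3]):
            findings.append((n, "range", ctx[3]))
    return findings

def file_types(text):
    """Set of SELinux types the entries assign."""
    return {ctx[2] for _n, _p, ctx in parse_entries(text) if len(ctx) >= 3}

def runcon_type(cmdline):
    """Return the argument of runcon's -t option, or None if absent."""
    argv = shlex.split(cmdline)
    return next((argv[i + 1] for i, a in enumerate(argv[:-1]) if a == "-t"), None)

if __name__ == "__main__":
    print(lint_file_contexts(FILE_CONTEXTS_LOCAL))
    # A textual difference only: the loaded policy may define one name as an
    # alias of the other, which this offline check cannot resolve.
    print(runcon_type(RUNCON_LINE) in file_types(FILE_CONTEXTS_LOCAL))
```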