avoid script changing security context


Post by Skylla » 2015/11/18 13:46:01

Hello

I have a brand new CentOS 7 installation. I'm also new to SELinux.
I'm not new to Linux; I have been running Gentoo/Arch on the desktop for years.

I've added the following to /etc/selinux/targeted/contexts/files/file_contexts.local

Code:

/home/user/request(/.*)* system_u:object_r:httpd_sys_content_rw_t:ts0
/home/user/files(/.*)*   system_u:object_r:httpd_sys_content_rw_t:ts0

I also have a cronjob running as the user apache:

Code:

9 1 * * * runcon -t httpd_sys_rw_content_t -r object_r -u system_u  /home/user/cleanup.sh > /dev/null

The runcon part is necessary to keep the cleanup.sh script from changing the security context of the files under /home/user/request/.

Is there a more generic way to ensure that the script is run in the right context, so that it will not change the context of the files that it touches?

(or change them into the right context if necessary)
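
A structural check for file_contexts.local entries like the ones quoted above, as an added example that is not part of the original post: it parses each line as `regex [file-type] context` and reports contexts whose fields are malformed. The function name and the sample lines beyond the two from the post are constructed, and it assumes the conventional s<N>/c<N> level naming and uses Python's regex engine only as an approximation of the path-regex syntax.

```python
import re

# Constructed sample: the two entries from the post plus two
# well-formed lines (a file-type flag and the <<none>> marker).
SAMPLE = """\
# local file context overrides
/home/user/request(/.*)* system_u:object_r:httpd_sys_content_rw_t:ts0
/home/user/files(/.*)*   system_u:object_r:httpd_sys_content_rw_t:ts0
/srv/example(/.*)?  -d  system_u:object_r:httpd_sys_content_t:s0
/srv/example/tmp(/.*)?  <<none>>
"""

FILE_TYPES = {"--", "-d", "-b", "-c", "-l", "-p", "-s"}
# Assumption: conventional level names (s0, s0:c1.c5, s0-s0:c0.c1023).
LEVEL = r"s\d+(:c\d+([.,]c\d+)*)?"
RANGE_RE = re.compile(rf"^{LEVEL}(-{LEVEL})?$")


def lint_file_contexts(text):
    """Return a list of (line_number, message) for malformed entries."""
    issues = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) == 3 and fields[1] in FILE_TYPES:
            pattern, context = fields[0], fields[2]
        elif len(fields) == 2:
            pattern, context = fields
        else:
            issues.append((no, "expected: regex [file-type] context"))
            continue
        try:
            re.compile(pattern)  # approximation of the path-regex syntax
        except re.error as exc:
            issues.append((no, f"bad path regex: {exc}"))
        if context == "<<none>>":
            continue
        # user:role:type:range; the range may itself contain ':' (s0:c0.c5)
        parts = context.split(":", 3)
        if len(parts) != 4:
            issues.append((no, "context needs user:role:type:range"))
            continue
        if not RANGE_RE.match(parts[3]):
            issues.append((no, f"range {parts[3]!r} is not an s<N> level"))
    return issues
```
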
