Help with Regular Expression to create new SeLinux context (to ignore user's directory name)

Support for security such as Firewalls and securing linux
Post Reply
seacent
Posts: 1
Joined: 2017/07/14 06:25:25

Help with Regular Expression to create new SeLinux context (to ignore user's directory name)

Post by seacent » 2017/07/14 07:01:00

Background:
For each website I create, a user is created and the files for that website will be placed in that user's directory.

ie for domain.com:
home/domain.com/cgi-bin
home/domain.com/logs
home/domain.com/awstats
home/domain.com/etc
home/domain.com/public_html

of course all the website's scripts goes into the public_html.
By default CentOS has predefined context rules for /var/www/html/
I use CMS (Joomla, etc) on my websites and I need to create additional context for auto labeling of files by SeLinux.

Goal:
I need to create custom contexts using:

Code: Select all

semanage fcontext -a -t httpd_sys_rw_content_t "/home/domain.com/public_html"
to define auto labeling based on my situation.

Problem:
I don't want to define the rule for each of my domains, rather I want a regular expression that ignores the /domain.com/ part



Question:
How could I create a regular expression that matches /home/ and /public_html/ but ignores the directory in between for my semanage fcontext?

Ie something like:

Code: Select all

"/home(/.*)?/public_html/cache"
that works on all of:
home/domain.com/public_html/cache/
home/domain.net/public_html/cache/
home/foo.com/public_html/cache/
home/bar.com/public_html/cache/

Thank you for your help

Post Reply