2012-10-09 11:56:23

by Guido Trentalancia

Subject: [refpolicy] [PATCH 2/2] Add Debian locations for nut executables and configuration files

> From: Laurent Bigonville <[email protected]>
>
> ---
> nut.fc | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/nut.fc b/nut.fc
> index 0a929ef..c6c3632 100644
> --- a/nut.fc
> +++ b/nut.fc
> @@ -1,6 +1,13 @@
> +/etc/nut(/.*)? gen_context(system_u:object_r:nut_conf_t,s0)

[cut]

> +
> +/usr/lib/cgi-bin/nut/upsimage.cgi -- gen_context(system_u:object_r:httpd_nutups_cgi_script_exec_t,s0)
> +/usr/lib/cgi-bin/nut/upsset.cgi -- gen_context(system_u:object_r:httpd_nutups_cgi_script_exec_t,s0)
> +/usr/lib/cgi-bin/nut/upsstats.cgi -- gen_context(system_u:object_r:httpd_nutups_cgi_script_exec_t,s0)

The above three entries should probably be added to httpd.fc rather than here, I think...

> /usr/sbin/upsd -- gen_context(system_u:object_r:nut_upsd_exec_t,s0)
> /usr/sbin/upsmon -- gen_context(system_u:object_r:nut_upsmon_exec_t,s0)
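
Review bot: the three added /usr/lib/cgi-bin/nut/ entries leave the dot in ".cgi" unescaped, and because a file-context path specification is a regular expression, that dot matches any character rather than only a literal "."; write them as upsimage\.cgi, upsset\.cgi and upsstats\.cgi so each entry labels only the intended script with httpd_nutups_cgi_script_exec_t. The commit message also has no body after the From line; one sentence saying why the CGI entries are placed in nut.fc would save the next reader the question raised in this thread.
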
> --
> 1.7.10.4


2012-10-09 12:25:19

by dominick.grift

Subject: [refpolicy] [PATCH 2/2] Add Debian locations for nut executables and configuration files



On Tue, 2012-10-09 at 13:56 +0200, Guido Trentalancia wrote:
> > From: Laurent Bigonville <[email protected]>
> >
> > ---
> > nut.fc | 7 +++++++
> > 1 file changed, 7 insertions(+)
> >
> > diff --git a/nut.fc b/nut.fc
> > index 0a929ef..c6c3632 100644
> > --- a/nut.fc
> > +++ b/nut.fc
> > @@ -1,6 +1,13 @@
> > +/etc/nut(/.*)? gen_context(system_u:object_r:nut_conf_t,s0)
>
> [cut]
>
> > +
> > +/usr/lib/cgi-bin/nut/upsimage.cgi -- gen_context(system_u:object_r:httpd_nutups_cgi_script_exec_t,s0)
> > +/usr/lib/cgi-bin/nut/upsset.cgi -- gen_context(system_u:object_r:httpd_nutups_cgi_script_exec_t,s0)
> > +/usr/lib/cgi-bin/nut/upsstats.cgi -- gen_context(system_u:object_r:httpd_nutups_cgi_script_exec_t,s0)
>
> The above three entries should probably be added to httpd.fc rather than here, I think...

I kind of agree but that is not how it is done unfortunately. Others
were against that.

So this is right

> > /usr/sbin/upsd -- gen_context(system_u:object_r:nut_upsd_exec_t,s0)
> > /usr/sbin/upsmon -- gen_context(system_u:object_r:nut_upsmon_exec_t,s0)
> > --
> > 1.7.10.4
>

2012-10-09 13:33:44

by cpebenito

Subject: [refpolicy] [PATCH 2/2] Add Debian locations for nut executables and configuration files

On 10/09/12 08:25, Dominick Grift wrote:
>
>
> On Tue, 2012-10-09 at 13:56 +0200, Guido Trentalancia wrote:
>>> From: Laurent Bigonville <[email protected]>
>>>
>>> ---
>>> nut.fc | 7 +++++++
>>> 1 file changed, 7 insertions(+)
>>>
>>> diff --git a/nut.fc b/nut.fc
>>> index 0a929ef..c6c3632 100644
>>> --- a/nut.fc
>>> +++ b/nut.fc
>>> @@ -1,6 +1,13 @@
>>> +/etc/nut(/.*)? gen_context(system_u:object_r:nut_conf_t,s0)
>>
>> [cut]
>>
>>> +
>>> +/usr/lib/cgi-bin/nut/upsimage.cgi -- gen_context(system_u:object_r:httpd_nutups_cgi_script_exec_t,s0)
>>> +/usr/lib/cgi-bin/nut/upsset.cgi -- gen_context(system_u:object_r:httpd_nutups_cgi_script_exec_t,s0)
>>> +/usr/lib/cgi-bin/nut/upsstats.cgi -- gen_context(system_u:object_r:httpd_nutups_cgi_script_exec_t,s0)
>>
>> The above three entries should probably be added to httpd.fc rather than here, I think...
>
> I kind of agree but that is not how it is done unfortunately. Others
> were against that.
>
> So this is right

Right. It's an exception needed for using the content template. The fc entries need to go where the types are declared.

--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com