DESCRIPTION. Security-Enhanced Linux secures the httpd_sys_script processes via flexible mandatory access control. The httpd_sys_script processes execute with the httpd_sys_script_t SELinux type. You can check if you have these processes running by executing the ps command with the .
httpd_ sys_script_exec_t – Set files with the httpd_ sys_script_exec_t type, if you want to transition an executable to the httpd_sys_script_t domain. Paths:, httpd_sys_script_exec_t – Set files with the httpd_sys_script_exec_t type, if you want to transition an executable to the httpd_sys_script_t domain. Note: File context can be temporarily modified with the chcon command. If you want to permanently change the file context you need to use the semanage fcontext command. This will modify the SELinux labeling database.
To allow this, label the scripts with the httpd_sys_script_exec_t type and enable the httpd_enable_cgi Boolean. Scripts labeled with httpd_sys_script_exec_t run in the httpd_sys_script_t domain when executed by httpd. The httpd_sys_script_t domain has access to other system domains, such as postgresql_t and mysqld_t.
12/31/2020 · The includes/GlobalFunctions.php script file (and possibly other .php files in the MediaWiki install directory) must have the SELinux context type httpd_sys_script_exec_t to permits use of the PHP function.mkdir command. Without the correct context on the script, file uploads or thumbnail creation may fail on the attempt to create a hashed directory on the server.
httpd_sys_script_exec_t: Entrypoint (templated) Entrypoint for system CGI scripts (or other callable scripts) that need access to the system content files (httpd_sys_content_t) httpd_user_script_exec_t: Entrypoint (templated) Entrypoint for the user-provided scripts callable from the webserver instances httpd_squirrelmail_t: Content: Squirrelmail files, httpd_ sys_script_exec_t . Set cgi scripts with httpd_ sys_script_exec_t to allow them to run with access to all sys types. httpd_sys_script_ro_t. Set files with httpd_sys_script_ro_t if you want httpd_ sys_script_exec_t scripts to read the data, and disallow other sys scripts from access. httpd_sys_script_rw_t, Enable this Boolean to allow httpd to execute CGI scripts (CGI scripts must be labeled with the httpd_sys_script_exec_t type). httpd_enable_ftp_server Enabling this Boolean allows httpd to listen on the FTP port and act as an FTP server.
1/17/2020 · chcon –type httpd_ sys_script_exec_t *.so This worked for me when trying to view on mobile app, however as with the above (and comment 10) I had to also include the binary, x2t, so the following was done for me to make it work, semanage fcontext -a -t httpd_sys_script_exec_t ‘/whatever/scripts(/.*)?’ restorecon -R -v /whatever/scripts/ That allows Apache to execute PHP scripts in that directory, and persists after a reboot, or system-wide relabeling.
AppArmor, iptables, Kernel-based Virtual Ma…, Tomoyo Linux, Smack
