> If so, no wonder you're having grief. While SELinux was off, your > system was writing files without setting any SELinux contexts. So,
If SELinux was set to permissive then it was writing data but allowing actions, if not then when you switched it on it would have done an automatic relabel on boot. This looks like the standard SELinux and cgi stuff. It's in the RHEL/Centos manual and very well documented elsewhere. Essentially however file permissions are not enough to enable the security policy to tell the difference between 'I've just busted your php script again' and 'legitimate access'. Labelling the cgi, scripts and data files allows you to tell it which files should be acessible and in what way - which dramatically cuts the impact of the php exploit. Alan -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
