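sealert returns a different context than ls -Z

Time: 2016-04-07 15:24:58

Tags: security centos selinux

We have an internal application that uses the TinyButStrong plugin to generate Excel spreadsheets. When generating a spreadsheet, I keep getting the following error: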

TinyButStrong Error OpenTBS Plugin: Method Flush() cannot overwrite the target file 'tmp_filespace_ngp/label_20160407104148_337902988.xlsx'. This may not be a valid file path or the file may be locked by another process or because of a denied permission. The process is ending, unless you set NoErr property to true.

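If I set SELinux to permissive, the Excel spreadsheet is created successfully, so this looks like an SELinux problem to me.

I tried chcon httpd_sys_rw_content_t on the top-level directory TopLevelDirectory/ and received the same error.

Using sealert -a /var/log/audit.log

I received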

SELinux is preventing /usr/sbin/httpd from write access on the directory tmp_filespace_ngp

Additional Information:
Source Context                system_u:system_r:httpd_t:s0
Target Context                unconfined_u:object_r:httpd_sys_content_t:s0
Target Objects                tmp_filespace_ngp [ dir ]
Source                        httpd
Source Path                   /usr/sbin/httpd
Port                          <Unknown>
Host                          <Unknown>
Source RPM Packages           httpd-2.4.6-40.el7.centos.x86_64
Target RPM Packages
Policy RPM                    selinux-policy-3.13.1-23.el7.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     intWeb1.localdomain
Platform                      Linux intWeb1.localdomain 3.10.0-229.el7.x86_64 #1
                              SMP Fri Mar 6 11:36:42 UTC 2015 x86_64 x86_64
Alert Count                   2
First Seen                    2016-04-07 10:33:21 EDT
Last Seen                     2016-04-07 10:41:48 EDT

ls -Z /TopLevelDirectory/

unconfined_u:object_r:httpd_sys_rw_content_t:s0 tmp_filespace_ngp

Any ideas would be greatly appreciated, thanks.

1 Answer:

Answer 0: (score: 0)

Solved the problem with
setsebool -P httpd_unified 1

This doesn't seem like the best solution, but I will look into finding the correct script and applying the correct context to it.
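
An AVC record stores the target's label as it was when the denial was logged and only the last path component of the object, so the following added example (not part of the original post) resolves the denied object by inode and compares the logged label with the one on disk now. The sample record is constructed (pid, inode, device and message id are made up; the contexts and name come from the sealert output above), and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Resolve the object named in an AVC denial by inode and compare the label
# recorded at denial time with the label currently on disk.

# Constructed sample record in audit.log AVC format (pid, ino, dev, msg id made up).
SAMPLE_AVC='type=AVC msg=audit(1460040108.000:100): avc:  denied  { write } for  pid=1000 comm="httpd" name="tmp_filespace_ngp" dev="dm-0" ino=123456 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir'

# avc_field RECORD KEY -> value of KEY=... in the record, quotes stripped.
avc_field() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p" | tr -d '"' | head -n 1
}

# find_by_inode ROOT INO -> paths under ROOT (same filesystem only) with that inode.
find_by_inode() {
    find "$1" -xdev -inum "$2" -print 2>/dev/null
}

# current_label PATH -> SELinux context on disk now, or "unavailable".
current_label() {
    local ctx
    ctx=$(stat -c %C -- "$1" 2>/dev/null) && [ -n "$ctx" ] && [ "$ctx" != "?" ] \
        && printf '%s\n' "$ctx" || printf 'unavailable\n'
}

# check_denial RECORD ROOT -> one MATCH/MISMATCH line per path with the logged inode.
check_denial() {
    local rec=$1 root=$2 ino logged path now
    ino=$(avc_field "$rec" ino)
    logged=$(avc_field "$rec" tcontext)
    find_by_inode "$root" "$ino" | while IFS= read -r path; do
        now=$(current_label "$path")
        if [ "$now" = "$logged" ]; then
            printf 'MATCH %s %s\n' "$path" "$now"
        else
            printf 'MISMATCH %s logged=%s now=%s\n' "$path" "$logged" "$now"
        fi
    done
}

# Usage on a real host (the /var/www search root is an assumption):
#   ausearch -m avc -c httpd --raw | while IFS= read -r r; do check_denial "$r" /var/www; done
```

A MISMATCH line means the object was relabeled after the denial was logged; a path other than the one that was relabeled means the denial is for a different directory with the same name.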