1 Mar
2008
1 Mar
'08
9:49 a.m.
Hi,
I'm new to RH5.x/SELinux.
I have a simple PHP script which will call passthru() or exec() to invoke "/bin/ls" or other external commands to do some taskes. The SELinux (targeted policy) deny the action by default. Following the message in sealert which ask me to relabel /bin/ls to allow httpd to invoke /bin/ls from my PHP (ls.php) ... well, it's OK ... but I'm wondering if I can only limit invoking "/bin/ls" from ONLY my "ls.php". So, other PHP still can't call exec() to invoke "/bin/ls".
Is this possible in targeted policy ?
Thanks KC