
SELinux Cookbook

By: Sven Vermeulen

Creating a custom CGI domain


Sometimes, it might not be necessary to create a full set of types. Consider a CGI script that is triggered but does not need a specific set of content types. One can mark the script as httpd_sys_script_exec_t (if it is a system CGI script) or httpd_user_script_exec_t (if it is a user's custom CGI script) so that the resulting script runs in the httpd_sys_script_t or httpd_user_script_t domain.

But if those domains hold too few privileges (or too many), it might be wise to create a custom CGI domain instead.

How to do it…

To create a custom CGI domain, the following approach can be used:

  1. Create a custom SELinux policy module (mycgiscript.te) with the following content:

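    policy_module(mycgiscript, 0.1)
    # Process domain for the script and the label for its executable file
    type cgiscript_t;
    type cgiscript_exec_t;
    # Mark cgiscript_t as a domain that is entered through cgiscript_exec_t files
    domain_type(cgiscript_t)
    domain_entry_file(cgiscript_t, cgiscript_exec_t)
    # Let the web server run the script and transition into cgiscript_t
    apache_cgi_domain(cgiscript_t, cgiscript_exec_t)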
  2. Create the proper file context file (mycgiscript.fc), marking the executable...
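
Once a module like the one in step 1 is loaded, the rules behind an automatic transition from httpd_t into cgiscript_t can be checked. The script below is an added example, not code from the book. The function names (`has_perm`, `missing_transition_rules`, `sample_rules`) are hypothetical, the rule text is a constructed sample, and setools 4 style `sesearch` output is assumed.

```shell
#!/bin/sh
# Added example, not from the book: confirm a policy grants every rule an
# automatic SRC -> TGT domain transition through EXEC needs.
# Assumes setools 4 style sesearch text ("allow a b:class { p1 p2 };").
# Type names are matched literally; rules granted via attributes are missed.

# has_perm SRC TGT CLASS PERM FILE: true if an allow rule in FILE grants PERM.
has_perm() {
    awk -v head="allow $1 $2:$3 " -v perm="$4" '
        index($0, head) == 1 {
            rest = substr($0, length(head) + 1)
            gsub(/[{};]/, " ", rest)
            n = split(rest, p, " ")
            for (i = 1; i <= n; i++) if (p[i] == perm) found = 1
        }
        END { exit !found }' "$5"
}

# missing_transition_rules SRC EXEC TGT FILE: print one line per absent rule.
missing_transition_rules() {
    has_perm "$1" "$2" file execute "$4" ||
        echo "allow $1 $2:file execute"
    has_perm "$3" "$2" file entrypoint "$4" ||
        echo "allow $3 $2:file entrypoint"
    has_perm "$1" "$3" process transition "$4" ||
        echo "allow $1 $3:process transition"
    grep -q "^type_transition $1 $2:process $3;" "$4" ||
        echo "type_transition $1 $2:process $3"
    return 0
}

# Constructed sample rule text for the types declared in step 1.
sample_rules() {
    cat <<'EOF'
allow httpd_t cgiscript_exec_t:file { execute getattr open read };
allow httpd_t cgiscript_t:process transition;
allow cgiscript_t cgiscript_exec_t:file { entrypoint execute getattr open read };
type_transition httpd_t cgiscript_exec_t:process cgiscript_t;
EOF
}

rules=$(mktemp)
sample_rules > "$rules"   # on an SELinux host: sesearch -A -T > "$rules"
missing_transition_rules httpd_t cgiscript_exec_t cgiscript_t "$rules"
rm -f "$rules"
```

An empty result means all four rules are present; each printed line names a rule the policy still lacks.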