|
|
|
|
|
|
by module0000
3489 days ago
|
|
|
If your www-user can read /etc/passwd without 'avc: denied' appearing in your selinux log, you are doing it wrong. The whole idea behind selinux is to prevent this scenario from ever happening. Apache has a policy written for it, that specifies precisely which paths and contexts apache needs <X> type of access to. If it tries to access anything outside those paths and context, the selinux module denies the attempt. It's foolproof if you use it. It's also incredibly annoying if you are on a system with selinux enabled, but aren't familiar with selinux. |
|
|