Creating a custom CGI domain
Sometimes, it might not be necessary to create a full set of types. Consider a CGI script that is triggered but without the need for a specific set of content types. Sure, one can mark the script as httpd_sys_script_exec_t
(if it is a system's CGI script) or httpd_user_script_exec_t
(if it is a user's custom CGI script) so that the resulting script runs in the httpd_sys_script_t
or httpd_user_script_t
domain.
But, if those domains do not hold enough privileges (or too many privileges), it might be wise to create a custom CGI domain instead.
How to do it…
To create a custom CGI domain, the following approach can be used:
- Create a custom SELinux policy module (
mycgiscript.te
) with the following content:policy_module(mycgiscript, ...
Get SELinux Cookbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.