SElinux httpd_t domain can write to files labeled with httpd_sys_content_t

Solution Verified - Updated -

Issue

  • A program running in the httpd_t domain is allowed to files labeled with httpd_sys_content_t.

  • Should this kind of access be denied? Assumption is that write access is only allowed to httpd_sys_rw_content_t.

Environment

  • Red Hat Enterprise Linux 6
  • SELinux

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content