我们有一个使用 TinyButStrong 插件生成 excel 电子表格的内部应用程序。生成电子表格时,我不断收到以下错误
TinyButStrong Error OpenTBS Plugin: Method Flush() cannot overwrite the target file 'tmp_filespace_ngp/label_20160407104148_337902988.xlsx'. This may not be a valid file path or the file may be locked by another process or because of a denied permission. The process is ending, unless you set NoErr property to true.
如果我将 selinux 设置为允许,则成功创建了 excel 电子表格,所以对我来说这似乎是一个 selinux 问题。
我在顶级目录 TopLevelDirectory/上尝试了 chcon httpd_sys_rw_content_t 并收到相同的错误。
使用
sealert -a /var/log/audit.log我收到
SELinux is preventing /usr/sbin/httpd from write access on the directory tmp_filespace_ngp Additional Information:
Additional Information:
Source Context system_u:system_r:httpd_t:s0
Target Context unconfined_u:object_r:httpd_sys_content_t:s0
Target Objects tmp_filespace_ngp [ dir ]
Source httpd
Source Path /usr/sbin/httpd
Port <Unknown>
Host <Unknown>
Source RPM Packages httpd-2.4.6-40.el7.centos.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.13.1-23.el7.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name intWeb1.localdomain
Platform Linux intWeb1.localdomain 3.10.0-229.el7.x86_64 #1
SMP Fri Mar 6 11:36:42 UTC 2015 x86_64 x86_64
Alert Count 2
First Seen 2016-04-07 10:33:21 EDT
Last Seen 2016-04-07 10:41:48 EDT
冉
ls -Z /TopLevelDirectory/unconfined_u:object_r:httpd_sys_rw_content_t:s0 tmp_filespace_ngp任何想法将不胜感激,谢谢
最佳答案
解决了这个问题
setsebool -P httpd_unified 1
这似乎不是最好的解决方法,但我会寻找正确的脚本并将正确的上下文应用到它。
关于security - sealert 返回与 ls -Z 不同的上下文,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/36480637/