File: //usr/share/setroubleshoot/plugins/__pycache__/allow_anon_write.cpython-36.pyc
3
nm�a�
�������������������@���sD���d�d�l�Z�e�j�d�d�d���Z�e�j�Z�d�d�l�T�d�d�l�m�Z���G�d�d���d�e���Z�d�S�) �����Nz�setroubleshoot-pluginsT)�Z�fallback)���*)���Pluginc����������������@���sL���e�Z�d�Z�e�d���Z�e�d���Z�e�d���Z�e�d���Z�e�d���Z�d�d���Z d�d ��Z
d
d���Z�d�S�)
��pluginz^
SELinux policy is preventing an httpd script from writing to a public
directory.
z�
SELinux policy is preventing an httpd script from writing to a public
directory. If httpd is not setup to write to public directories, this
could signal an intrusion attempt.
a
���
If httpd scripts should be allowed to write to public directories you need to turn on the $BOOLEAN boolean and change the file context of the public directory to public_content_rw_t. Read the httpd_selinux
man page for further information:
"setsebool -P $BOOLEAN=1; chcon -t public_content_rw_t <path>"
You must also change the default file context labeling files on the system in order to preserve public directory labeling even on a full relabel. "semanage fcontext -a -t public_content_rw_t <path>"
zNIf you want to allow $SOURCE_PATH to be able to write to shared public contentz�you need to change the label on $TARGET_PATH to public_content_rw_t, and potentially turn on the allow_httpd_sys_script_anon_write boolean.c����������������C���s����d�|���}�|�S�)�Nzo# semanage fcontext -a -t public_content_rw_t $TARGET_PATH
# restorecon -R -v $TARGET_PATH
# setsebool -P %s %s��)���self��avc��argsZ�do_textr����r�����5/usr/share/setroubleshoot/plugins/allow_anon_write.py��get_do_text/���s��������z�plugin.get_do_textc����������������C���s����t�j�|�t�����d�|�_�d�S�)�NZ�green)�r������__init__��__name__��level)�r����r����r����r ���r����5���s��������z�plugin.__init__c����������������C���s����|�j�d�g���r�|�j�|�j���r�|�j�d�g���r.|�j�d���S�|�j�d�g���rD|�j�d���S�|�j�d�g���rZ|�j�d���S�|�j�d g���rp|�j�d���S�|�j�d�g���r�|�j�d���S�|�j�d
g���r�|�j�d���S�d�S�)�NZ�public_content_tZ�httpd_t��allow_httpd_anon_write��1Z�httpd_sys_script_t�!allow_httpd_sys_script_anon_writeZ�ftpd_t��allow_ftpd_anon_writeZ�nfsd_t��allow_nfsd_anon_writeZ�rsync_t��allow_rsync_anon_writeZ�smbd_t��allow_smbd_anon_write)�r����r����)�r����r����)�r����r����)�r����r����)�r����r����)�r����r����)�Z�matches_target_typesZ�all_accesses_are_inZ�create_file_permsZ�matches_source_typesZ�report)�r����r����r����r����r �����analyze9���s������������
���
���
���
���
���
�z�plugin.analyzeN)�r�����
__module__��__qualname__��_Z�summaryZ�problem_descriptionZ�fix_descriptionZ�if_textZ then_textr
���r����r����r����r����r����r ���r��������s��������������������������r����)���gettextZ�translationr����Z�setroubleshoot.utilZ�setroubleshoot.Pluginr����r����r����r����r����r �����<module>����s
�������������