File: //usr/share/setroubleshoot/plugins/__pycache__/allow_anon_write.cpython-39.opt-1.pyc
a
������Z`�
�����������������������@���sD���d�d�l�Z�e�j�d�d�d���Z�e�j�Z�d�d�l�T�d�d�l�m�Z���G�d�d���d�e���Z�d�S�) �����Nz�setroubleshoot-pluginsT)�Z�fallback)���*)���Pluginc��������������������@���sL���e�Z�d�Z�e�d���Z�e�d���Z�e�d���Z�e�d���Z�e�d���Z�d�d���Z d�d ��Z
d
d���Z�d�S�)
��pluginz^
SELinux policy is preventing an httpd script from writing to a public
directory.
z�
SELinux policy is preventing an httpd script from writing to a public
directory. If httpd is not setup to write to public directories, this
could signal an intrusion attempt.
a
���
If httpd scripts should be allowed to write to public directories you need to turn on the $BOOLEAN boolean and change the file context of the public directory to public_content_rw_t. Read the httpd_selinux
man page for further information:
"setsebool -P $BOOLEAN=1; chcon -t public_content_rw_t <path>"
You must also change the default file context labeling files on the system in order to preserve public directory labeling even on a full relabel. "semanage fcontext -a -t public_content_rw_t <path>"
zNIf you want to allow $SOURCE_PATH to be able to write to shared public contentz�you need to change the label on $TARGET_PATH to public_content_rw_t, and potentially turn on the allow_httpd_sys_script_anon_write boolean.c��������������������C���s����d�|���}�|�S�)�Nzo# semanage fcontext -a -t public_content_rw_t $TARGET_PATH
# restorecon -R -v $TARGET_PATH
# setsebool -P %s %s��)���self��avc��argsZ�do_textr����r�����5/usr/share/setroubleshoot/plugins/allow_anon_write.py��get_do_text/���s������������z�plugin.get_do_textc��������������������C���s����t���|�t�����d�|�_�d�S�)�NZ�green)�r������__init__��__name__��level)�r����r����r����r ���r����5���s��������z�plugin.__init__c��������������������C���s����|���d�g���r�|���|�j���r�|���d�g���r.|���d���S�|���d�g���rD|���d���S�|���d�g���rZ|���d���S�|���d�g���rp|���d ��S�|���d
g���r�|���d���S�|���d�g���r�|���d
��S�d�S�)�NZ�public_content_tZ�httpd_t)�Z�allow_httpd_anon_write��1Z�httpd_sys_script_t)�Z!allow_httpd_sys_script_anon_writer����Z�ftpd_t)�Z�allow_ftpd_anon_writer����Z�nfsd_t)�Z�allow_nfsd_anon_writer����Z�rsync_t)�Z�allow_rsync_anon_writer����Z�smbd_t)�Z�allow_smbd_anon_writer����)�Z�matches_target_typesZ�all_accesses_are_inZ�create_file_permsZ�matches_source_typesZ�report)�r����r����r����r����r �����analyze9���s �������
�����
���
���
���
���
���
�z�plugin.analyzeN)�r�����
__module__��__qualname__��_Z�summaryZ�problem_descriptionZ�fix_descriptionZ�if_textZ then_textr
���r����r����r����r����r����r ���r��������s��������������������r����)���gettextZ�translationr����Z�setroubleshoot.utilZ�setroubleshoot.Pluginr����r����r����r����r����r �����<module>����s
�������������