Abnormal Apache behavior.

Colin Walters walters at redhat.com
Fri Jul 29 13:32:16 UTC 2005


On Fri, 2005-07-29 at 11:39 +0100, Joe Orton wrote:
> On Fri, Jul 08, 2005 at 09:43:30AM -0400, Stephen Smalley wrote:
> > On Fri, 2005-07-08 at 14:15 +0100, Joe Orton wrote:
> > > Eh?  I thought the transition happens upon exec of httpd regardless of 
> > > who performs the exec.  Empirical evidence suggests that's the case 
> > > anyway...
> > > 
> > > [root@tango ~]# service httpd stop
> > > Stopping httpd:                                            [  OK  ]
> > > [root@tango ~]# apachectl start
> > > [root@tango ~]# ps axZ | grep httpd
> > > root:system_r:httpd_t           30536 ?        Ss     0:00 /usr/sbin/httpd -k start
> > 
> > On FC4, apachectl start leaves it running in unconfined_t.  In FC3,
> > since the system starts in unconfined_t (so both rc scripts and user
> > shells are in the same domain), there is no distinction, so you wouldn't
> > see a difference there.
> 
> OK - can that be changed?  I'd really much rather that apachectl, the 
> init script, and direct invocation of /usr/sbin/httpd all had the same 
> behaviour, as has been (mostly) the case forever.

For direct invocation of /usr/sbin/httpd, we can't have it both ways.
It has to either be confined or not confined.  People seem to want it
unconfined so e.g. httpd -t can still print to the terminal.
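
The check used in this thread (`ps axZ | grep httpd`), turned into a small audit, as an added example that is not part of the original messages: it lists every httpd process whose SELinux domain is not `httpd_t`, which is the state reported above for `apachectl start` on FC4. The function names and the sample input are constructed for illustration; only the first sample line is modeled on the output quoted in the thread.

```shell
# Added example: report httpd processes that are NOT running in httpd_t.
# Input is `ps axZ`-style text with columns: LABEL PID TTY STAT TIME COMMAND...
# A label is user:role:type, optionally followed by :level on MLS/MCS systems.
# Output: one "PID DOMAIN" line per httpd process found outside httpd_t.
unconfined_httpd() {
    awk -v want="httpd_t" '
        $1 == "LABEL" { next }                        # header line
        $6 != "httpd" && $6 !~ /\/httpd$/ { next }    # only the httpd binary itself
        {
            n = split($1, ctx, ":")
            if (n < 3) next       # no full context (e.g. "-" when SELinux is off)
            if (ctx[3] != want)
                printf "%s %s\n", $2, ctx[3]
        }
    '
}

# Constructed sample input (not captured from a real host). It covers a
# confined daemon, an unconfined one, the grep process itself, and a label
# that carries an MLS level.
sample_ps_output() {
    cat <<'EOF'
LABEL                           PID TTY      STAT   TIME COMMAND
root:system_r:httpd_t           30536 ?        Ss     0:00 /usr/sbin/httpd -k start
root:system_r:unconfined_t      30611 ?        Ss     0:00 /usr/sbin/httpd -k start
root:system_r:unconfined_t:s0   30612 pts/1    S+     0:00 grep httpd
system_u:system_r:httpd_t:s0    30700 ?        S      0:00 /usr/sbin/httpd -k start
EOF
}

# On a live system:  ps axZ | unconfined_httpd
# Offline demo:      sample_ps_output | unconfined_httpd
```

Matching on the command column rather than grepping the whole line keeps the `grep httpd` process itself out of the result.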
