Individual Domains for Particular PHP Scripts.

Tobias maillist at
Fri Jun 24 01:05:35 UTC 2005

Hi Colin, hi

> Need to update that for FC4...soon, hopefully :)


> > What's wrong in my policy?  Doesn't the domain auto transition work
> > properly? How to separate PHP scripts in their own domains?
> Are these PHP scripts actually being executed as separate processes? 
> SELinux policy is applied at the level of processes; there is no builtin
> mechanism for confining different PHP scripts that run in the same httpd
> process.  It would be possible to achieve some level of security by
> using dynamic domain transitions e.g. with an Apache module, but no one
> has written it yet.
I've a bit of experience with domain_auto_trans related to executable binaries
(flow: user_t->execute binary->newtype_t->other_rights_than_user_t)
and I hoped Apache and PHP scripts are similar
(flow: httpd_t->execute script->httpd_new_t->other_rights_than_httpd_t).
See my previous email (reply to Daniel Walsh), please.

TIA :)

More information about the fedora-selinux-list mailing list
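
The process-level point made in the quoted reply, as an added example that is not part of the thread or of any Fedora policy: a small Python model of when a type_transition rule is consulted. It assumes the type names from the flow in the message (httpd_t, httpd_new_t), a hypothetical httpd_new_exec_t label for the script file, and a simplified subset of the rules a domain transition needs.

```python
import re

# Constructed sample policy (not Fedora's): the core rules a transition from
# httpd_t into httpd_new_t needs. httpd_new_exec_t is a hypothetical file label.
POLICY = """
allow httpd_t httpd_new_exec_t:file { getattr read execute };
allow httpd_t httpd_new_t:process transition;
allow httpd_new_t httpd_new_exec_t:file entrypoint;
type_transition httpd_t httpd_new_exec_t:process httpd_new_t;
"""

ALLOW_RE = re.compile(r"allow (\w+) (\w+):(\w+) (?:\{ ([^}]+) \}|(\w+));")
TRANS_RE = re.compile(r"type_transition (\w+) (\w+):process (\w+);")

def load(policy):
    """Parse the rule subset above into an allow set and a transition map."""
    allows, trans = set(), {}
    for src, tgt, cls, many, one in ALLOW_RE.findall(policy):
        for perm in (many or one).split():
            allows.add((src, tgt, cls, perm))
    for src, exec_type, new in TRANS_RE.findall(policy):
        trans[(src, exec_type)] = new
    return allows, trans

def domain_after_exec(domain, file_type, allows, trans):
    """Domain of the process after it execve()s a file labelled file_type."""
    if (domain, file_type, "file", "execute") not in allows:
        raise PermissionError(f"{domain} may not execute {file_type}")
    new = trans.get((domain, file_type), domain)
    if new == domain:
        needed = [(domain, file_type, "file", "execute_no_trans")]
    else:
        needed = [(domain, new, "process", "transition"),
                  (new, file_type, "file", "entrypoint")]
    if not all(rule in allows for rule in needed):
        raise PermissionError(f"{domain} -> {new} via {file_type} denied")
    return new

def domain_after_include(domain, file_type, allows):
    """In-process interpreter: the script is only read, so no rule is consulted
    that could change the domain."""
    if (domain, file_type, "file", "read") not in allows:
        raise PermissionError(f"{domain} may not read {file_type}")
    return domain

ALLOWS, TRANS = load(POLICY)

if __name__ == "__main__":
    print("exec   :", domain_after_exec("httpd_t", "httpd_new_exec_t", ALLOWS, TRANS))
    print("include:", domain_after_include("httpd_t", "httpd_new_exec_t", ALLOWS))
```

The same script file yields httpd_new_t only when it is executed as its own process; read by an interpreter inside the server process, it leaves the domain at httpd_t.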