applying SELinux policy for httpd
Russell Coker
russell at coker.com.au
Thu Nov 3 13:11:50 UTC 2005
On Thursday 03 November 2005 21:15, Joe Orton <jorton at redhat.com> wrote:
> I'd also like to mention again that the new FC4 policy of only applying
> SELinux policy if httpd is started from the init script is confusing the
> hell out of people. It breaks the principle of least astonishment. I'd
> much rather live with the fact that SELinux policy is *always* applied,
> and the fallout from that, than see this confusion of people hitting
> SELinux policy issues, get confused, restart httpd, see them disappear,
> etc.
That would be a bug not a feature.
I've tried to reproduce your problem but I can't. I installed a FC4 machine
and updated it to selinux-policy-targeted-1.27.1-2.11 and
kernel-2.6.13-1.1532_FC4. I tried both with and without httpd_disable_trans
set, in both cases the same domain was used for the httpd regardless of
whether it was started by system boot scripts or the administrator.
Tell me more details about your problem and I'll try to reproduce it.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
More information about the fedora-selinux-list
mailing list