applying SELinux policy for httpd
Daniel J Walsh
dwalsh at redhat.com
Thu Nov 3 14:08:32 UTC 2005
Joe Orton wrote:
> I'd also like to mention again that the new FC4 policy of only applying
> SELinux policy if httpd is started from the init script is confusing the
> hell out of people. It breaks the principle of least astonishment. I'd
> much rather live with the fact that SELinux policy is *always* applied,
> and the fallout from that, than see this confusion of people hitting
> SELinux policy issues, get confused, restart httpd, see them disappear,
> etc.
>
We can revert it back. The problem this is trying to solve is the
terminal problem. IE a user goes out and runs
a cgi script and he gets no output. This is very confusing to the
user. What I can change is to transition httpd_exec_t from
unconfined_t to httpd_t, but not the cgi scripts. Would that work for you?
> I'd really like to see this change reverted for FC5.
>
> joe
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
--
More information about the fedora-selinux-list
mailing list