Run webapp/MoinMoin as a SELinux domain
Daniel J Walsh
dwalsh at redhat.com
Mon Oct 22 19:37:58 UTC 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Per Sjoholm wrote:
> I would like to lock down different web apps run by httpd(apache).
> As it is today only way to let MoinMoin send email is to allow all to
> use sendmail.
> I use a db and that means that every application is allow to ...
>
> Is it possible to have httpd confined and only open needed net resources
> for certain
> apps ?
> To use some form of m4 macro.
> /var/www/moin/xyx/cgi-bin/moin.cgi -> httpd-xyz_t
> /var/www/moin/xxx/cgi-bin/moin.cgi -> httpd-xxx_t
>
Well you could write your own policy for the cgi yes.
system-config-selinux/polgengui makes this fairly easy.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iD8DBQFHHPwWrlYvE4MpobMRAgLkAJ9hiTquSjtv5TdcPQerP6Mmsk1kLACgkt1M
NrUlW/XKy3wWO+ZPZ9VhEHA=
=UdbV
-----END PGP SIGNATURE-----
More information about the fedora-selinux-list
mailing list