implications of httpd_unified

Scott Radvan sradvan at redhat.com
Tue Mar 17 05:33:08 UTC 2009


Hi all,


I have taken ownership of development on the Fedora 11 SELinux
(Managing Confined Services) guide, and am currently trying to build on
the descriptions of the purposes, uses and implications of
enabling/disabling some of the available Booleans.

I am wondering if anybody can expand or has any comments on this
description of the httpd_unified Boolean, as there doesn't seem to be a
great deal out there about it.

"This Boolean is off by default, turning it on will allow all httpd
executables to have full access to all content labeled with a http file
context. Leaving it off makes sure that one httpd service can not
interfere with another."

Specifically I am interested in what is meant by a service that can not
"interfere with another" in the case of httpd_unified, but any comments
which may help me refine the description are more than welcome.


Thank you,


-- 
Scott Radvan, Content Author
Red Hat APAC (Brisbane) http://www.apac.redhat.com



