Hi Colin, hi
ML,
:)
> What's wrong in my policy? Doesn't works the domain auto transition
> properly ? How to separate PHP Scripts in their own domains?
Are these PHP scripts actually being executed as separate processes?
SELinux policy is applied at the level of processes; there is no builtin
mechanism for confining different PHP scripts that run in the same httpd
process. It would be possible to achieve some level of security by
using dynamic domain transitions e.g. with an Apache module, but no one
has written it yet.
I've a bit experience with domain_auto_trans related by executable binaries
(flow: user_t->execute binary->newtype_t->other_rights_than_user_t)
and i hoped apache and php-scripts are similar
(flow: httpd_t->execute script->httpd_new_t->other_rights_than_httpd_t).
See my previous email (reply to Daniel Walsh), please.
TIA :)
Toby
--
Weitersagen: GMX DSL-Flatrates mit Tempo-Garantie!
Ab 4,99 Euro/Monat:
http://www.gmx.net/de/go/dsl