On Fri, 2005-06-24 at 03:05 +0200, Tobias wrote:
I've a bit experience with domain_auto_trans related by
executable binaries
(flow: user_t->execute binary->newtype_t->other_rights_than_user_t)
and i hoped apache and php-scripts are similar
(flow: httpd_t->execute script->httpd_new_t->other_rights_than_httpd_t).
See my previous email (reply to Daniel Walsh), please.
Depends on whether apache forks and execs the interpreter in a separate
process, or just directly executes an interpreter in its own process
(via mod_php). My impression was that php is typically run in-process
by apache, thus you couldn't change domains for it without introducing
some kind of mod_dyntras module that performs a dynamic domain
transition in the apache process.
--
Stephen Smalley
National Security Agency