Individual Domains for Particular PHP Scripts.
Stephen Smalley
sds at tycho.nsa.gov
Fri Jun 24 12:16:14 UTC 2005
On Fri, 2005-06-24 at 03:05 +0200, Tobias wrote:
> I've a bit experience with domain_auto_trans related by executable binaries
> (flow: user_t->execute binary->newtype_t->other_rights_than_user_t)
> and i hoped apache and php-scripts are similar
> (flow: httpd_t->execute script->httpd_new_t->other_rights_than_httpd_t).
>
> See my previous email (reply to Daniel Walsh), please.
Depends on whether apache forks and execs the interpreter in a separate
process, or just directly executes an interpreter in its own process
(via mod_php). My impression was that php is typically run in-process
by apache, thus you couldn't change domains for it without introducing
some kind of mod_dyntras module that performs a dynamic domain
transition in the apache process.
--
Stephen Smalley
National Security Agency
More information about the selinux
mailing list