Individual Domains for Particular PHP Scripts.
Tobias
maillist at wolke7.net
Fri Jun 24 14:24:11 UTC 2005
Hi Stephen, hi ML,
> On Fri, 2005-06-24 at 03:05 +0200, Tobias wrote:
> > I've a bit experience with domain_auto_trans related by executable
> binaries
> > (flow: user_t->execute binary->newtype_t->other_rights_than_user_t)
> > and i hoped apache and php-scripts are similar
> > (flow: httpd_t->execute script->httpd_new_t->other_rights_than_httpd_t).
> >
> > See my previous email (reply to Daniel Walsh), please.
>
> Depends on whether apache forks and execs the interpreter in a separate
> process, or just directly executes an interpreter in its own process
> (via mod_php). My impression was that php is typically run in-process
> by apache, thus you couldn't change domains for it without introducing
> some kind of mod_dyntras module that performs a dynamic domain
> transition in the apache process.
I see. This means that my goal is only possible,
when use php as cgi modules, or?
Thanks for the clarification! Now, i know my way.
Maybe can Colin write examples in his update for
"Understanding and Customizing the Apache HTTP SELinux Policy" ;)
Cheers
Toby
> --
> Stephen Smalley
> National Security Agency
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> http://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
--
Weitersagen: GMX DSL-Flatrates mit Tempo-Garantie!
Ab 4,99 Euro/Monat: http://www.gmx.net/de/go/dsl
More information about the selinux
mailing list