On Wed, 2004-11-10 at 11:25, dragoran wrote:
> and how can I add a separate domain for mysqld? Sorry I am new to
> selinux....

That was the first option suggested in Dan's initial reply, i.e. add the mysqld.te file he included in his reply to your policy, reload it, apply the file labels, and restart mysql. Then mysqld should run in its own domain (mysqld_t), the socket file should have a distinct type (mysqld_var_run_t), and you should be able to selectively allow httpd_t to connect to it without exposing the rest of your system.

--
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency