On Thu, 2005-01-27 at 11:25, John W. Lockhart wrote: > Aha! It is indeed mounted nosuid: > rw,nosuid,nodev,noatime,rsize=8192,wsize=8192,bg,intr,soft,context=system_u:object_r:httpd_sys_content_t > > Any other options I should or shouldn't have in there? Not clear you want to just remove nosuid, as that obviously has other security implications. If policy allowed httpd_t to set its exec context, then you could use a wrapper script that just does a runcon -t httpd_sys_script_t <realscript> to manually transition to the new domain. -- Stephen Smalley <sds@xxxxxxxxxxxxxx> National Security Agency
