On Thu, 2005-06-23 at 12:50 +0200, TobyD@xxxxxxxxxx wrote: > Hi SELinux users! > > I've > read: > http://fedora.redhat.com/docs/selinux-apache-fc3/sn-further-approaches.html#sn-cgi-subdomains Need to update that for FC4...soon, hopefully :) > What's wrong in my policy? Doesn't works the domain auto transition > properly ? How to separate PHP Scripts in their own domains? Are these PHP scripts actually being executed as separate processes? SELinux policy is applied at the level of processes; there is no builtin mechanism for confining different PHP scripts that run in the same httpd process. It would be possible to achieve some level of security by using dynamic domain transitions e.g. with an Apache module, but no one has written it yet. -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-selinux-list