Joe Orton wrote:
On Fri, Jul 08, 2005 at 09:43:30AM -0400, Stephen Smalley wrote:
On Fri, 2005-07-08 at 14:15 +0100, Joe Orton wrote:
Eh? I thought the transition happens upon exec of httpd regardless of
who performs the exec. Empirical evidence suggests that's the case
anyway...
[root@tango ~]# service httpd stop
Stopping httpd: [ OK ]
[root@tango ~]# apachectl start
[root@tango ~]# ps axZ | grep httpd
root:system_r:httpd_t 30536 ? Ss 0:00 /usr/sbin/httpd -k start
On FC4, apachectl start leaves it running in unconfined_t. In FC3,
since the system starts in unconfined_t (so both rc scripts and user
shells are in the same domain), there is no distinction, so you wouldn't
see a difference there.
OK - can that be changed? I'd really much rather that apachectl, the
init script, and direct invocation of /usr/sbin/httpd all had the same
behaviour, as has been (mostly) the case forever.
joe
It already has been. apachectl is set to initrc_exec_t whith will start
httpd in the correct context. Install
the latest policy for FC4 and run restorecon on apachectl if it is not
set to initrc_exec_t.
Dan
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
--
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
