On Fri, 2005-07-29 at 11:39 +0100, Joe Orton wrote:
> On Fri, Jul 08, 2005 at 09:43:30AM -0400, Stephen Smalley wrote:
> > On Fri, 2005-07-08 at 14:15 +0100, Joe Orton wrote:
> > > Eh? I thought the transition happens upon exec of httpd regardless of
> > > who performs the exec. Empirical evidence suggests that's the case
> > > anyway...
> > >
> > > [root@tango ~]# service httpd stop
> > > Stopping httpd: [ OK ]
> > > [root@tango ~]# apachectl start
> > > [root@tango ~]# ps axZ | grep httpd
> > > root:system_r:httpd_t 30536 ? Ss 0:00 /usr/sbin/httpd -k start
> >
> > On FC4, apachectl start leaves it running in unconfined_t. In FC3,
> > since the system starts in unconfined_t (so both rc scripts and user
> > shells are in the same domain), there is no distinction, so you wouldn't
> > see a difference there.
>
> OK - can that be changed? I'd really much rather that apachectl, the
> init script, and direct invocation of /usr/sbin/httpd all had the same
> behaviour, as has been (mostly) the case forever.

For direct invocation of /usr/sbin/httpd, we can't have it both ways. It has to either be confined or not confined. People seem to want it unconfined so e.g. httpd -t can still print to the terminal.

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
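
A check for the difference discussed in this thread, as an added example that is not part of the original messages: it reads `ps axZ`-style lines and reports httpd processes whose SELinux domain is not httpd_t. The helper names `unconfined_httpd` and `sample`, and the sample lines, are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag httpd processes running outside the httpd_t domain.
# Input format is that of `ps axZ`: LABEL PID TTY STAT TIME COMMAND...
# A label is user:role:type, optionally followed by an MLS level;
# only the third colon-separated field (the type/domain) is compared.

# unconfined_httpd (hypothetical helper name): reads ps axZ lines on stdin
# and prints "PID DOMAIN COMMAND" for each httpd process not in httpd_t.
unconfined_httpd() {
    awk '
    {
        n = split($1, ctx, ":")
        if (n < 3) next              # header line or unlabeled process
        cmd = $6                     # executable only, not its arguments,
        sub(/.*\//, "", cmd)         # so "grep httpd" is not matched
        if (cmd != "httpd") next
        if (ctx[3] != "httpd_t") print $2, ctx[3], $6
    }'
}

# Constructed sample: one httpd started by the init script (httpd_t),
# one started from a user shell and left in unconfined_t, plus noise.
sample() {
    cat <<'EOF'
LABEL PID TTY STAT TIME COMMAND
root:system_r:httpd_t 30536 ? Ss 0:00 /usr/sbin/httpd -k start
root:system_r:unconfined_t 30712 ? Ss 0:00 /usr/sbin/httpd -k start
root:system_r:unconfined_t 30720 pts/0 S+ 0:00 grep httpd
EOF
}

# On a live system: ps axZ | unconfined_httpd
sample | unconfined_httpd
```
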