On Fri, Nov 04, 2005 at 12:11:50AM +1100, Russell Coker wrote: > On Thursday 03 November 2005 21:15, Joe Orton <jorton@xxxxxxxxxx> wrote: > > I'd also like to mention again that the new FC4 policy of only applying > > SELinux policy if httpd is started from the init script is confusing the > > hell out of people. It breaks the principle of least astonishment. I'd > > much rather live with the fact that SELinux policy is *always* applied, > > and the fallout from that, than see this confusion of people hitting > > SELinux policy issues, get confused, restart httpd, see them disappear, > > etc. > > That would be a bug not a feature. > > I've tried to reproduce your problem but I can't. I installed a FC4 machine > and updated it to selinux-policy-targeted-1.27.1-2.11 and > kernel-2.6.13-1.1532_FC4. I tried both with and without httpd_disable_trans > set, in both cases the same domain was used for the httpd regardless of > whether it was started by system boot scripts or the administrator. [root@jolt ~]# service httpd start Starting httpd: [ OK ] [root@jolt ~]# ps -Z -C httpd LABEL PID TTY TIME CMD root:system_r:httpd_t 4027 ? 00:00:00 httpd root:system_r:httpd_t 4029 ? 00:00:00 httpd ... [root@jolt ~]# service httpd stop Stopping httpd: [ OK ] [root@jolt ~]# httpd -k start [root@jolt ~]# ps -Z -C httpd LABEL PID TTY TIME CMD root:system_r:unconfined_t 4059 ? 00:00:00 httpd root:system_r:unconfined_t 4060 ? 00:00:00 httpd root:system_r:unconfined_t 4061 ? 00:00:00 httpd ... [root@jolt ~]# rpm -q httpd fedora-release selinux-policy-targeted httpd-2.0.54-10.2 fedora-release-4-2 selinux-policy-targeted-1.27.1-2.11 -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
