Joe Orton wrote:
I'd also like to mention again that the new FC4 policy of only applying
SELinux policy if httpd is started from the init script is confusing the
hell out of people. It breaks the principle of least astonishment. I'd
much rather live with the fact that SELinux policy is *always* applied,
and the fallout from that, than see this confusion of people hitting
SELinux policy issues, get confused, restart httpd, see them disappear,
etc.
We can revert it back. The problem this is trying to solve is the
terminal problem. IE a user goes out and runs
a cgi script and he gets no output. This is very confusing to the
user. What I can change is to transition httpd_exec_t from
unconfined_t to httpd_t, but not the cgi scripts. Would that work for you?
I'd really like to see this change reverted for FC5.
joe
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
--
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
