On Thu, Nov 03, 2005 at 09:27:51AM -0500, Stephen Smalley wrote: > On Thu, 2005-11-03 at 14:22 +0000, Joe Orton wrote: > > What's the problem for CGI scripts, I'm not sure what you're referring > > to here? > > A similar issue exists for them: whether or not to transition them into > their separate domains by default when a user runs them directly. As > with httpd, they lose access to the tty in that case, and thus cannot > display diagnostics. runcon can be used to force the desired behavior > regardless of the default. Oh, I see, tricky. I think I would go the opposite way on that one and not transition the scripts when run directly. (or if enabling httpd_tty_comm by default solves that problem too, just do that) joe -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
