Re: Run webapp/MoinMoin as a SELinux domain

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Per Sjoholm wrote:
> I would like to lock down different web apps run by httpd(apache).
> As it is today only way to let MoinMoin send email is to allow all to
> use sendmail.
> I use a db and that means that every application is allow to ...
> 
> Is it possible to have httpd confined and only open needed net resources
> for certain
> apps ?
> To use some form of m4 macro.
> /var/www/moin/xyx/cgi-bin/moin.cgi  ->  httpd-xyz_t
> /var/www/moin/xxx/cgi-bin/moin.cgi  ->  httpd-xxx_t
> 
Well you could write your own policy for the cgi yes.

system-config-selinux/polgengui makes this fairly easy.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFHHPwWrlYvE4MpobMRAgLkAJ9hiTquSjtv5TdcPQerP6Mmsk1kLACgkt1M
NrUlW/XKy3wWO+ZPZ9VhEHA=
=UdbV
-----END PGP SIGNATURE-----

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux