On Tue, 17 Mar 2009 15:33:08 +1000
Scott Radvan <sradvan@xxxxxxxxxx> wrote:

> Hi all,
>
>
> I have taken ownership of development on the Fedora 11 SELinux
> (Managing Confined Services) guide, and am currently trying to build
> on the descriptions of the purposes, uses and implications of
> enabling/disabling some of the available Booleans.
>
> I am wondering if anybody can expand or has any comments on this
> description of the httpd_unified Boolean, as there doesn't seem to be
> a great deal out there about it.
>
> "This Boolean is off by default, turning it on will allow all httpd
> executables to have full access to all content labeled with a http
> file context. Leaving it off makes sure that one httpd service can not
> interfere with another."
>
> Specifically I am interested in what is meant by a service that can
> not "interfere with another" in the case of httpd_unified, but any
> comments which may help me refine the description are more than
> welcome.

I think this means that, say, httpd_bugzilla_script_t can't access
httpd_sys_* files and httpd_sys_script_t can't access httpd_bugzilla_*
files etc.

Paul.