On Mon, 2004-10-25 at 05:20, Joe Orton wrote:
> There's also the issue that httpd *does* need terminal access
> during startup for configurations using encrypted private SSL keys:
> mod_ssl will open /dev/tty to prompt for a password.

Yes, I think there is an open bugzilla on that issue. The init script could interpose a pty and proxy the exchange so that the daemon never needs direct access to the original tty. Or, one _could_ conditionally allow access to the tty by httpd_t based on a policy boolean, and have httpd or the init script explicitly toggle the boolean after startup to remove access after initialization.

-- 
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency