On Mon, 2004-10-25 at 10:20 +0100, Joe Orton wrote:
> On Sun, Oct 24, 2004 at 09:55:53PM -0400, Colin Walters wrote:
> > On Sun, 2004-10-24 at 12:19 +0100, Joe Orton wrote:
> >
> > > Oh, this is still so insane! Do you want two copies of libphp4.so, one
> > > which contains just the "config testing" code too, or what?
> >
> > No, that wouldn't be necessary. Each domain would have the privileges
> > to map libphp4.so and use it.
>
> So why would any PHP code be deemed to be safe to have terminal access,
> but not certain bits of httpd code?

It doesn't have anything to do with the safety of PHP. Rather, it has to do with the fact that SELinux does *not* distinguish between different shared libraries within a single process. Once a process running as httpd_t loads a shared library, that library is part of the process and any code in it runs as httpd_t.

> There's also the issue that httpd *does* need terminal access during
> startup for configurations using encrypted private SSL keys:
> mod_ssl will open /dev/tty to prompt for a password.

Ugh. Stephen's suggestion of having an init proxy here makes the most sense to me.