On Wed, 2004-10-27 at 15:30 +0100, Joe Orton wrote: > I'm still trying to understand your suggestion to move the bits of code > which do "config testing" into a separate /usr/sbin/httpd-configtest > binary, and how that would avoid the issue. I didn't mean to rewrite the Apache code. I meant just to have separate binaries with different labels: cp /usr/sbin/httpd /usr/sbin/httpd-configtest chcon -t sbin_t /usr/sbin/httpd-configtest That way, when init executes httpd-configtest, it does *not* domain transition to httpd_t, and thus retains privileges to write to the terminal. In this strict policy we might need to grant initrc_t access to httpd_config_t though. Or we could create a separate domain just for the config test, which would actually be a good idea, so that httpd -t wouldn't be able to act as a webserver, write pid files, etc. Does that make sense?