apache configtest

Stephen Smalley sds at epoch.ncsc.mil
Mon Oct 25 13:05:37 UTC 2004


On Mon, 2004-10-25 at 05:20, Joe Orton wrote:
> There's also the issue that httpd *does* need terminal access during
> startup for configurations using encrypted private SSL keys:
> mod_ssl will open /dev/tty to prompt for a password.

Yes, I think there is an open bugzilla on that issue.

The init script could interpose a pty and proxy the exchange so that the
daemon never needs direct access to the original tty.

Or, one _could_ conditionally allow access to the tty by httpd_t based
on a policy boolean, and have httpd or the init script explicitly toggle
the boolean after startup to remove access after initialization.

-- 
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
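
A sketch of the second option in the message above, the boolean toggled by the init script. It is an added example, not part of the original message or of any shipped policy or init script. The boolean name `httpd_startup_tty` is hypothetical, and the policy is assumed to grant httpd_t tty access only inside a conditional block on that boolean.

```shell
#!/bin/sh
# Added example: keep httpd_t's tty access open only while the daemon starts.
# TTY_BOOL is a hypothetical boolean name (assumption, not from the thread).
TTY_BOOL=${TTY_BOOL:-httpd_startup_tty}
# setsebool is the standard SELinux tool; overridable so the logic can be tested.
SETSEBOOL=${SETSEBOOL:-setsebool}

# usage: start_with_tty_window <start command> [args...]
# Returns the start command's exit status, or:
#   71 if the boolean could not be enabled (startup is not attempted)
#   70 if the boolean could not be cleared afterwards (treat as a hard failure)
start_with_tty_window() {
    _rc=0
    # Open the window; do not start if the toggle itself fails.
    "$SETSEBOOL" "$TTY_BOOL" 1 || return 71
    # Run startup. mod_ssl may open /dev/tty here to prompt for the passphrase.
    "$@" || _rc=$?
    # Close the window whether startup succeeded or failed.
    if ! "$SETSEBOOL" "$TTY_BOOL" 0; then
        echo "WARNING: could not clear $TTY_BOOL; httpd_t still has tty access" >&2
        return 70
    fi
    return "$_rc"
}
```

The boolean is system-wide, so every httpd_t process has tty access while it is set. The sketch also assumes the start command returns only after the passphrase prompt has completed.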




More information about the fedora-test-list mailing list