Abnormal Apache behavior.

Daniel J Walsh dwalsh at redhat.com
Fri Jul 29 13:15:18 UTC 2005


Joe Orton wrote:

>On Fri, Jul 08, 2005 at 09:43:30AM -0400, Stephen Smalley wrote:
>  
>
>>On Fri, 2005-07-08 at 14:15 +0100, Joe Orton wrote:
>>    
>>
>>>Eh?  I thought the transition happens upon exec of httpd regardless of 
>>>who performs the exec.  Empirical evidence suggests that's the case 
>>>anyway...
>>>
>>>[root at tango ~]# service httpd stop
>>>Stopping httpd:                                            [  OK  ]
>>>[root at tango ~]# apachectl start
>>>[root at tango ~]# ps axZ | grep httpd
>>>root:system_r:httpd_t           30536 ?        Ss     0:00 /usr/sbin/httpd -k start
>>>      
>>>
>>On FC4, apachectl start leaves it running in unconfined_t.  In FC3,
>>since the system starts in unconfined_t (so both rc scripts and user
>>shells are in the same domain), there is no distinction, so you wouldn't
>>see a difference there.
>>    
>>
>
>OK - can that be changed?  I'd really much rather that apachectl, the 
>init script, and direct invocation of /usr/sbin/httpd all had the same 
>behaviour, as has been (mostly) the case forever.
>
>joe
>
It already has been.  apachectl is set to initrc_exec_t, which will start
httpd in the correct context.  Install the latest policy for FC4 and run
restorecon on apachectl if it is not set to initrc_exec_t.

Dan
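
The check discussed in this thread, as an added example that is not part of the original messages: it flags httpd processes running outside httpd_t in `ps axZ` output and relabels apachectl when its type is not initrc_exec_t. The path /usr/sbin/apachectl, the function names, and the sample lines (modeled on the `ps axZ` line quoted above) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. APACHECTL is an assumed path.
APACHECTL=/usr/sbin/apachectl

# The type is the third colon-separated field of a security context,
# with or without a trailing MLS level (root:system_r:httpd_t,
# system_u:object_r:initrc_exec_t:s0).
selinux_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Reads `ps axZ` lines on stdin and prints "PID TYPE" for each httpd
# process whose domain is not httpd_t. Returns 1 if any were found.
# Matching on the command field ($6) skips lines such as "grep httpd".
misconfined_httpd() {
    awk '$6 ~ /(^|\/)httpd$/ {
             split($1, ctx, ":")
             if (ctx[3] != "httpd_t") { print $2, ctx[3]; bad = 1 }
         }
         END { exit bad + 0 }'
}

# Live check: relabel the control script from policy if its type is
# not initrc_exec_t. Returns 2 if the context cannot be read.
relabel_if_needed() {
    ctx=$(stat -c %C "$1") || return 2
    [ "$(selinux_type "$ctx")" = "initrc_exec_t" ] || restorecon -v "$1"
}

# Constructed sample input: one confined httpd, one left in
# unconfined_t, and the grep process itself.
SAMPLE_PS='root:system_r:httpd_t           30536 ?        Ss     0:00 /usr/sbin/httpd -k start
root:system_r:unconfined_t      30601 ?        Ss     0:00 /usr/sbin/httpd -k start
root:system_r:unconfined_t      30650 pts/0    S+     0:00 grep httpd'

# Demo on the sample. On a live system, run instead:
#   relabel_if_needed "$APACHECTL"; ps axZ | misconfined_httpd
printf '%s\n' "$SAMPLE_PS" | misconfined_httpd ||
    echo "httpd found outside httpd_t"
```

restorecon only fixes the file label; an httpd that is already running keeps its current domain until it is restarted.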
