applying SELinux policy for httpd

Joe Orton jorton at redhat.com
Thu Nov 3 14:10:43 UTC 2005


On Thu, Nov 03, 2005 at 09:00:04AM -0500, Stephen Smalley wrote:
> On Thu, 2005-11-03 at 10:15 +0000, Joe Orton wrote:
> > I'd also like to mention again that the new FC4 policy of only applying 
> > SELinux policy if httpd is started from the init script is confusing the 
> > hell out of people.  It breaks the principle of least astonishment.  I'd 
> > much rather live with the fact that SELinux policy is *always* applied, 
> > and the fallout from that, than see this confusion of people hitting 
> > SELinux policy issues, get confused, restart httpd, see them disappear, 
> > etc.
> > 
> > I'd really like to see this change reverted for FC5.
> 
> Previously discussed in this thread:
> http://marc.theaimsgroup.com/?t=112089638800001&r=1&w=2

The argument above still stands after the change to make apachectl 
behave like the init script.  People are still getting confused by the 
fact that Apache behaves differently if started via /usr/sbin/httpd.

joe
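Added example, not part of the original message: a check for the behaviour discussed in this thread, where the same httpd binary ends up confined or not depending on how it was launched. It reads `ps -eZ`-style output and reports which httpd processes run outside the `httpd_t` domain; the sample lines, PIDs and function names are constructed for illustration, and the domain names assume the targeted policy.

```shell
#!/bin/sh
# Constructed sample of `ps -eZ` output (LABEL PID TTY TIME CMD).
# PID 2950 stands for an httpd started directly from a shell rather
# than through the init script.
SAMPLE='LABEL                             PID TTY          TIME CMD
root:system_r:httpd_t            2101 ?        00:00:00 httpd
root:system_r:httpd_t            2102 ?        00:00:00 httpd
root:system_r:unconfined_t       2950 pts/0    00:00:00 httpd
system_u:system_r:named_t        1800 ?        00:00:00 named'

# classify_httpd (hypothetical helper): reads `ps -eZ` lines on stdin and
# prints "<pid> <domain> <verdict>" for every process whose command is httpd.
# The domain is the third colon-separated field of the label, which also
# works when an MLS/MCS level (":s0") is appended to the context.
classify_httpd() {
    awk '
        $NF == "httpd" {
            n = split($1, ctx, ":")
            domain = (n >= 3) ? ctx[3] : "unknown"
            verdict = (domain == "httpd_t") ? "confined" : "NOT-CONFINED"
            print $2, domain, verdict
        }'
}

# count_unconfined (hypothetical helper): number of httpd processes that
# are not running in httpd_t. Always prints a number, including 0.
count_unconfined() {
    classify_httpd | awk '$3 == "NOT-CONFINED" { n++ } END { print n + 0 }'
}

# Run against the constructed sample; on a live SELinux host use:
#   ps -eZ | classify_httpd
printf '%s\n' "$SAMPLE" | classify_httpd
```
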



