Security Enhanced Linux
What's New
Frequently Asked Questions
Background
Documents
License
Download
Participating
Mail List
Archives
Remaining Work
Contributors
Related Work
Press Releases
Information Assurance Research
NIARL In-house Research Areas
Mathematical Sciences Program
Sabbaticals
Computer & Information Sciences Research
Technology Transfer
Advanced Computing
Advanced Mathematics
Communications & Networking
Information Processing
Microelectronics
Other Technologies
Technology Fact Sheets
Publications
Related Links
|
SELinux Mailing ListRe: New Apache policy
From: Tom <tom_at_lemuria.org>
Date: Fri, 25 Oct 2002 16:42:28 +0200
I don't yet feel comfortable with these defines, so I've left them out for now. However, it definitely is a good idea. I've also thought about writing a php.te file instead of including PHP stuff in apache.te, which is pretty large as it is. Maybe I'll still do that later, reorganizing apache into apache.te, apache-cgi.te, etc. Advantage: With the Debian install process you could choose right there which options to include. I have attached two diff files, both against the latest default policy. One is for apache, taking into account your comments and adding a section for running PHP as a CGI, but with its own type. I did this because I believe many people will want to give PHP scripts more access than they would other scripts. It also helps me to seperate out the PHP stuff from the other CGI and suexec parts. The second diff is a new subversion policy, using a macro as you suggested. It was a lot of work to get it right initially, but I do agree that it's the better way to do it. Again, if anyone has comments or suggestions, please don't hesitate. I feel more comfortable with writing SELinux policies every day, but I'm still just beginning. -- PGP/GPG key: http://web.lemuria.org/pubkey.html pub 1024D/2D7A04F5 2002-05-16 Tom Vogt <tom@lemuria.org> Key fingerprint = C731 64D1 4BCF 4C20 48A4 29B2 BF01 9FA1 2D7A 04F5Received on Fri 25 Oct 2002 - 10:56:40 EDT |
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |