httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 47021] A new MPM (security) and mod_selinux module
Date Tue, 14 Apr 2009 14:00:36 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=47021





--- Comment #5 from KaiGai Kohei <kaigai@ak.jp.nec.com>  2009-04-14 07:00:30 PST ---
(In reply to comment #4)
> Any chance mod_selinux could assign privileges based on virtual-host, instead
> of (or in-addition to) http-authentication ?

The mod_selinux.so provides the following two configuration parameters:
- selinuxConfigFile
 It specifies the filename which defines associations between
 http-authentication and domain/range of SELinux.

- selinuxDefaultDomain
 It specifies the fallback domain/range of SELinux, when we have no
 configuration file or no matched entry.

If you put only selinuxDefaultDomain within a virtual host definition,
it means we can assign a certain security context per virtual host.

> That would make it very interesting for web-hosting, where you can give
> guest_t logins to your users, and only let them edit/see their own
> virtual-host's DocumentRoot both for ssh-sessions and web-sessions.

I also think it is a worthwhile and interesting use case.
(Needless to say, it also needs some rework of the security policy.)

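Per-virtual-host isolation as described in the message above only holds if every virtual host carries its own selinuxDefaultDomain. The following check is an added example, not part of the original message or of mod_selinux; the sample configuration, host names and context values are constructed placeholders (not real domain/range syntax), and the parser assumes one directive per line.

```python
from collections import defaultdict

# Constructed sample config. Host names and the values after
# selinuxDefaultDomain are placeholders, not real domain/range syntax.
SAMPLE_CONF = """\
<VirtualHost *:80>
    ServerName alice.example.com
    selinuxDefaultDomain CONTEXT_A
</VirtualHost>
<VirtualHost *:80>
    ServerName bob.example.com
    selinuxDefaultDomain CONTEXT_A
</VirtualHost>
<VirtualHost *:80>
    ServerName carol.example.com
</VirtualHost>
"""

def vhost_contexts(conf):
    """Return [(server_name, context_or_None)] for each <VirtualHost> block."""
    hosts, cur = [], None
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        low = line.lower()  # Apache directive names are case-insensitive
        if low.startswith("<virtualhost"):
            cur = [line, None]  # fall back to the tag text if ServerName is absent
        elif low.startswith("</virtualhost") and cur:
            hosts.append(tuple(cur))
            cur = None
        elif cur:
            parts = line.split(None, 1)
            if len(parts) == 2 and parts[0].lower() == "servername":
                cur[0] = parts[1].strip()
            elif len(parts) == 2 and parts[0].lower() == "selinuxdefaultdomain":
                cur[1] = parts[1].strip()
    return hosts

def audit(conf):
    """Return (vhosts with no context of their own, contexts shared by several vhosts)."""
    missing, by_context = [], defaultdict(list)
    for name, ctx in vhost_contexts(conf):
        (missing if ctx is None else by_context[ctx]).append(name)
    shared = {c: names for c, names in by_context.items() if len(names) > 1}
    return missing, shared

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```
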