httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 47021] A new MPM (security) and mod_selinux module
Date Tue, 14 Apr 2009 14:00:36 GMT

--- Comment #5 from KaiGai Kohei <>  2009-04-14 07:00:30 PST ---
(In reply to comment #4)
> Any chance mod_selinux could assign privileges based on virtual-host, instead
> of (or in-addition to) http-authentication ?

The provide the following two configuration parameters:
- selinuxConfigFile
 It specifies the filename which defines associations between
 http-authentication and domain/range of SELinux.

- selinuxDefaultDomain
 It specifies the fallback domain/range of SELinux, when we have no
 configuration file or no matched entry.

If you put only selinuxDefaultDomain within virtual host definition,
it means we can assign a certain security context per virtual host.

> That would make it very interesting for for web-hosting, where you can give
> guest_t logins to your users, and only let them edit/see their own
> virtual-host's DocumentRoot both for ssh-sessjons and web-sessions.

I also think it is worthful and interesting use-case.
(Needless to say, it also need some reworks for security policy.)

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message