httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <>
Subject Re: [RFC] A new hook: invoke_handler and web-application security
Date Thu, 09 Apr 2009 03:40:32 GMT
KaiGai Kohei wrote:
> However, SElinux does not allow to revert its privilege (security context)
> unconditionally, even if it is dynamically changed.
> If we want to revert it, the security policy has to allow B->A in addition
> to A->B, but it is generally nonsense.
> It is also the reason why we need a one-time thread or process to assign
> individual privileges for each requests.

Sounds like it's time for you to hack up an alternate, selinux based mpm.

View raw message