From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from goalie.tycho.ncsc.mil (goalie [144.51.3.250]) by tarius.tycho.ncsc.mil (8.13.1/8.13.1) with ESMTP id o23F8dSk015967 for ; Wed, 3 Mar 2010 10:08:39 -0500 Received: from mx1.redhat.com (localhost [127.0.0.1]) by msux-gh1-uea02.nsa.gov (8.12.10/8.12.10) with ESMTP id o23F90rD005467 for ; Wed, 3 Mar 2010 15:09:00 GMT Message-ID: <4B8E7B5E.30005@redhat.com> Date: Wed, 03 Mar 2010 10:08:14 -0500 From: Daniel J Walsh MIME-Version: 1.0 To: Dominick Grift CC: russell@coker.com.au, SE-Linux Subject: Re: squid and apache References: <201003031007.35281.russell@coker.com.au> <4B8E3807.3060809@gmail.com> In-Reply-To: <4B8E3807.3060809@gmail.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Sender: owner-selinux@tycho.nsa.gov List-Id: selinux@tycho.nsa.gov On 03/03/2010 05:20 AM, Dominick Grift wrote: > On 03/03/2010 12:07 AM, Russell Coker wrote: > > >> How should we solve this? >> >> > I Wrote a blog with my view on this issue here: > > http://selinux-mac.blogspot.com/2010/02/about-apachecontenttemplate.html > > I am also interested in other views on this. > > Dominic your example would not work since it would not have rules to handle apache content is not present. What happens to you executable. I am not sure this would work. optional_policy(` apache_cgi_domain(backuppc_admin_t, backuppc_admin_exec_t) ',` gen_require(` type bin_t; ') typealias bin_t alias backuppc_admin_exec_t; ') -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.