From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from goalie.tycho.ncsc.mil (goalie [144.51.3.250]) by tarius.tycho.ncsc.mil (8.13.1/8.13.1) with ESMTP id o23FG7xX016543 for ; Wed, 3 Mar 2010 10:16:07 -0500 Received: from mx1.redhat.com (localhost [127.0.0.1]) by msux-gh1-uea02.nsa.gov (8.12.10/8.12.10) with ESMTP id o23FGTrD010357 for ; Wed, 3 Mar 2010 15:16:29 GMT Message-ID: <4B8E7D2A.3010508@redhat.com> Date: Wed, 03 Mar 2010 10:15:54 -0500 From: Daniel J Walsh MIME-Version: 1.0 To: Dominick Grift CC: russell@coker.com.au, SE-Linux Subject: Re: squid and apache References: <201003031007.35281.russell@coker.com.au> <4B8E3807.3060809@gmail.com> <4B8E7B5E.30005@redhat.com> In-Reply-To: <4B8E7B5E.30005@redhat.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Sender: owner-selinux@tycho.nsa.gov List-Id: selinux@tycho.nsa.gov On 03/03/2010 10:08 AM, Daniel J Walsh wrote: > On 03/03/2010 05:20 AM, Dominick Grift wrote: >> On 03/03/2010 12:07 AM, Russell Coker wrote: >> >>> How should we solve this? >>> >> I Wrote a blog with my view on this issue here: >> >> http://selinux-mac.blogspot.com/2010/02/about-apachecontenttemplate.html >> >> I am also interested in other views on this. >> > Dominic your example would not work since it would not have rules to > handle apache content is not present. What happens to you executable. > > I am not sure this would work. > optional_policy(` > apache_cgi_domain(backuppc_admin_t, backuppc_admin_exec_t) > ',` > gen_require(` > type bin_t; > ') > typealias bin_t alias backuppc_admin_exec_t; > ') > > > -- > This message was distributed to subscribers of the selinux mailing list. > If you no longer wish to subscribe, send mail to > majordomo@tycho.nsa.gov with > the words "unsubscribe selinux" without quotes as the message. I do like the idea of the blog though. But it is a little harder then just what you suggest. Since you will loose httpd_backuppc_content_*t definitions. -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.