https://issues.apache.org/bugzilla/show_bug.cgi?id=47021
--- Comment #5 from KaiGai Kohei <[email protected]> 2009-04-14 07:00:30 PST --- (In reply to comment #4) > Any chance mod_selinux could assign privileges based on virtual-host, instead > of (or in-addition to) http-authentication ? The mod_selinux.so provide the following two configuration parameters: - selinuxConfigFile It specifies the filename which defines associations between http-authentication and domain/range of SELinux. - selinuxDefaultDomain It specifies the fallback domain/range of SELinux, when we have no configuration file or no matched entry. If you put only selinuxDefaultDomain within virtual host definition, it means we can assign a certain security context per virtual host. > That would make it very interesting for for web-hosting, where you can give > guest_t logins to your users, and only let them edit/see their own > virtual-host's DocumentRoot both for ssh-sessjons and web-sessions. I also think it is worthful and interesting use-case. (Needless to say, it also need some reworks for security policy.) -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
