On Wed, Aug 22, 2007 at 04:56:25PM -0400, Josh wrote: > Is there an easy way to get the apr_proc_fork mechanism to set the SELinux > context or domain of child scripts? I am using an experimental module > (mod_wsgi) to run Python scripts; the Python script is run in a Python > interpreter which in turn is embedded in child HTTPD processes. These > child HTTPD processes run as individual Linux users. I'd also like to be > able to set their security contexts/domains.
You can do this using the libselinux API directly - see setexeccon() or setcon(). joe
