On 8 Apr 2009, at 03:27, Graham Dumpleton wrote:
[following up to Graham because two posts by him are all I have
in this thread]
2009/4/8 KaiGai Kohei <[email protected]>:
Graham Dumpleton wrote:
Explain first why using FASTCGI and suexec wouldn't be a better
option?
Thease are limited to cgi applications, so we cannot apply such kind
of restriction on the built-in script languages and references on
static documents (like *.html).
So why would a selinux context want to limit itself to the handler
phase?
Why not set the security context first thing in the request
processing cycle,
as with mod_privileges?
--
Nick Kew
