52730 – SELinux - suexec2 to be added to apache.fc

Bug 52730 - SELinux - suexec2 to be added to apache.fc

Summary: SELinux - suexec2 to be added to apache.fc

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Hardened (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Chris PeBenito (RETIRED)

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2004-06-01 15:08 UTC by Robert Paskowitz (RETIRED)
Modified:	2004-07-04 18:27 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Robert Paskowitz (RETIRED) gentoo-dev

2004-06-01 15:08:11 UTC

apache2 requires access to /usr/sbin/suexec2, which is not currently allowed in the apache.fc. The apache.fc allows 'suexec' so following the example of:

/usr/sbin/apache(2)?    --      system_u:object_r:httpd_exec_t

I think:
/usr/sbin/suexec        --      system_u:object_r:httpd_suexec_exec_t
should change to.
/usr/sbin/suexec(2)?    --      system_u:object_r:httpd_suexec_exec_t

Comment 1 Chris PeBenito (RETIRED) gentoo-dev

2004-07-04 18:27:50 UTC

in selinux-apache-20040704