[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#680965: mpm-itk: Allow setting Tomoyo domainname (or other MAC implementations?)

Package: apache2-mpm-itk
Version: 2.2.22-9
Severity: wishlist

Please provide a way to let mpm-itk set a Tomoyo domainname (Mandatory
Access Control). It should be done by simply writing a string to a file.
I think if the file is configurable, it should work for other MAC
implementations too.

For Tomoyo it should be done by something like this:
echo "<new domainname>" >/sys/kernel/security/tomoyo/self_domain

For more information see:

I am not much experienced in AppArmor, but for AppArmor this should work:
echo "changehat <hat name>^<token>" >/proc/self/attr/current

I think this approach (using MAC) should be much safer than suexec,
because suexec is SUID which puts much trust to www-data account.

Reply to: