Package: apache2-mpm-itk Version: 2.2.22-9 Severity: wishlist Please provide a way to let mpm-itk set a Tomoyo domainname (Mandatory Access Control). It should be done by simply writing a string to a file. I think if the file is configurable, it should work for other MAC implementations too.
For Tomoyo it should be done by something like this: echo "<new domainname>" >/sys/kernel/security/tomoyo/self_domain For more information see: http://sourceforge.jp/projects/tomoyo/svn/view/branches/mod_tomoyo.c?revision=5673&root=tomoyo I am not much experienced in AppArmor, but for AppArmor this should work: echo "changehat <hat name>^<token>" >/proc/self/attr/current I think this approach (using MAC) should be much safer than suexec, because suexec is SUID which puts much trust to www-data account. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
