Applications generally run with a static context, which inhibits all privileges that are needed for the application. Even services (daemons) generally stay within their own context during the entire life cycle of the service. But, with mod_selinux
, it is possible to transition the context of the web server handler (the process or thread responsible for handling a specific request) to another context based on the authenticated user. This allows the administrator to grant certain privileges to the application based on the user. When a lower-privileged user abuses a vulnerability in the web application, then the reduced privileges on the web application itself might prevent a successful exploit.
Argentina
Australia
Austria
Belgium
Brazil
Bulgaria
Canada
Chile
Colombia
Cyprus
Czechia
Denmark
Ecuador
Egypt
Estonia
Finland
France
Germany
Great Britain
Greece
Hungary
India
Indonesia
Ireland
Italy
Japan
Latvia
Lithuania
Luxembourg
Malaysia
Malta
Mexico
Netherlands
New Zealand
Norway
Philippines
Poland
Portugal
Romania
Russia
Singapore
Slovakia
Slovenia
South Africa
South Korea
Spain
Sweden
Switzerland
Taiwan
Thailand
Turkey
Ukraine
United States