TOMOYO
Forkthank you tetsuo,
don't ask me why, but now it works. i checked out the latest revision of mod_ccs.c, rebuilt the
module, deleted the manual added domains, just added
"task manual_domain_transition <kernel> //apache /www.uni-leipzig.de /test1"
to "<kernel> /usr/sbin/apache2" and now the transition and domain-generation works:
0: 0 <kernel>
( //apache )
( /www.my-domain.local.de )
1: 1 * /test1
[..]
16: 0 * /usr/sbin/apache2
=> <kernel> //apache /www.my-domain.local /test1 ( -> 1 )
17: 0 /usr/lib/apache2/suexec
18: 0 /data/homewww/test1/webdir/cgi/php.fcgi
19: 0 /opt/php/phpfarm-0.1.0/inst/php-5.2.16/bin/php-cgi
however, with this i only can control read/write-permissions inside /data/homewww/test1/webdir/.
my problem now is that suexec and in the end the execution of the php-binary breaks out of the
manual domain transition. what i want to do is to regiment the rights of the php-binary (mainly
subsequent system calls to shell, process list, network configuration, ...).
so, i removed mod_ccs from apache again and switched back to the "classic" tomoyo-way by directly
controlling the domain
<kernel> /usr/sbin/apache2 /usr/lib/apache2/suexec /data/homewww/test1/webdir/cgi/php.fcgi
regards, hs