CentOS - Jan 2011 - httpd and selinux

Hello,

Running httpd-2.2.3-43.el5.centos.3 on CentOS release 5.5 (Final), I
have :

$ ps -Ze
LABEL                             PID TTY          TIME CMD
user_u:system_r:httpd_t         12833 ?        00:00:00 httpd

Is it normal for httpd to have this context (user_u:system_r:httpd_t) ?
I was expecting system_u:system_r:httpd_t.

And if it is not normal, is it because I have restarted httpd by hand
(service httpd restart), or because I have broken something in my
configuration ?

Thanks,

-- 
Philippe

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/14/2011 10:22 AM, Philippe Naudin wrote:
> Hello,
> 
> Running httpd-2.2.3-43.el5.centos.3 on CentOS release 5.5 (Final), I
> have :
> 
> $ ps -Ze
> LABEL                             PID TTY          TIME CMD
> user_u:system_r:httpd_t         12833 ?        00:00:00 httpd
> 
> Is it normal for httpd to have this context (user_u:system_r:httpd_t) ?
> I was expecting system_u:system_r:httpd_t.
> 
> And if it is not normal, is it because I have restarted httpd by hand
> (service httpd restart), or because I have broken something in my
> configuration ?
> 
> Thanks,
> 
Yes this is normal, this indicates that some one running as user_u,
restarted the daemon.  system_u would indicate that it was started at boot.

The user component of SELinux is pretty much ignored when it comes to
access control.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk0wargACgkQrlYvE4MpobOBMACfTHA4Yk1A2YhZ7G2gG+NPxekd
R2MAnRX8DlHqe4q3Ubc8586XjsUiAlzc
=Ll9R
-----END PGP SIGNATURE-----