In this chapter, we will cover the default confinement of the web server domain and practice how to enhance this policy to suit our needs. We will also look into mod_selinux
and how it can be used to confine web applications even further. All this will be handled through the following recipes:
Listing conditional policy support
Enabling user directory support
Assigning web content types
Using different web server ports
Using custom content types
Creating a custom CGI domain
Setting up mod_selinux
Starting Apache with limited clearance
Mapping HTTP users to contexts
Using source address mapping to decide on contexts
Separating virtual hosts with mod_selinux