SELinux Cookbook

By: Sven Vermeulen

Separating virtual hosts with mod_selinux


One of Apache's strengths is that it can differentiate sites based on the name used to connect to the server, rather than just the IP address, port, and URL. This is called virtual host support and is a very popular approach to multitenant website and web application hosting.

For instance, a web server running on a single IP address can still host the sites of multiple customers, say www.companyX.com and www.companyY.com. With mod_selinux, we can change the context or security clearance of the web server request handlers based on the associated virtual host.

How to do it…

The following approach distinguishes virtual host confinement through mod_selinux:

  1. Decide on the contexts for the individual tenants. In the previous chapter, we used s0:c100 for company X and s0:c101 for company Y.

  2. In each virtual host, set the right clearance. For instance, for company X set the clearance as follows:

    <VirtualHost *:443>
      ServerName www.companyX.com
      selinuxDomainVal...
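
A configuration check for the per-tenant clearances described above, added here as an example and not taken from the book: it parses a constructed Apache configuration, reports virtual hosts that have no `selinuxDomainVal` line, and flags tenants whose category sets overlap. The `*:s0:c100` argument form, the hosts `www.companyZ.com` and `intranet.example.com`, and the function names are assumptions, since the listing on this page is cut off.

```python
import re
from itertools import combinations

# Constructed sample (not from the book); the "*:s0:c100" argument form is assumed.
SAMPLE_CONF = """\
<VirtualHost *:443>
  ServerName www.companyX.com
  selinuxDomainVal *:s0:c100
</VirtualHost>
<VirtualHost *:443>
  ServerName www.companyY.com
  selinuxDomainVal *:s0:c101
</VirtualHost>
<VirtualHost *:443>
  ServerName www.companyZ.com
  selinuxDomainVal *:s0:c100,c102
</VirtualHost>
<VirtualHost *:443>
  ServerName intranet.example.com
</VirtualHost>
"""
VHOST_RE = re.compile(r"<VirtualHost\b[^>]*>(.*?)</VirtualHost>", re.S | re.I)

def categories(mls_range):
    """Expand the categories of 's0:c100,c200.c202' (or 's0-s0:c1') into a set of ints."""
    level = mls_range.split("-")[-1]          # clearance = high end of a range
    cats = set()
    for item in filter(None, level.partition(":")[2].split(",")):
        lo, _, hi = item.partition(".")       # "c200.c202" is an inclusive run
        cats.update(range(int(lo[1:]), int((hi or lo)[1:]) + 1))
    return cats

def audit(conf):
    """Return (vhosts without a clearance, tenant pairs sharing categories)."""
    tenants, unconfined = {}, []
    for body in VHOST_RE.findall(conf):
        name = re.search(r"^\s*ServerName\s+(\S+)", body, re.M | re.I)
        val = re.search(r"^\s*selinuxDomainVal\s+(\S+)", body, re.M | re.I)
        host = name.group(1) if name else "<unnamed>"
        if val is None:
            unconfined.append(host)           # no per-vhost context is set
            continue
        tenants[host] = categories(val.group(1).partition(":")[2])
    overlaps = [(a, b, sorted(tenants[a] & tenants[b]))
                for a, b in combinations(tenants, 2) if tenants[a] & tenants[b]]
    return unconfined, overlaps

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

A shared category matters because a handler whose clearance includes `c100` is not separated from content labelled with only that category, so each tenant should map to a category set that no other tenant holds.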