#
# mod_selinux.conf
# ----------------
# Apache/SELinux plus configuration
# Load the mod_selinux module into the server.
LoadModule selinux_module modules/mod_selinux.so
# Security context for the server process itself. "*" presumably leaves the
# current domain unchanged and only sets the range to s0 -- confirm against
# the mod_selinux documentation before relying on it.
selinuxServerDomain *:s0
#
# Example for the mapfile based configuration
# -------------------------------------------
#
#
# #
# # HTTP Basic Authentication
# #
# AuthType Basic
# AuthName "Secret Zone"
# AuthUserFile /var/www/htpasswd
# Require valid-user
#
# #
# # SELinux domain/range mapping
# #
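# # The patterns are anchored with ^ and the dots are escaped so that only
# # the intended /24 is mapped; the unanchored form "192.168.1.[0-9]+$"
# # also matches an address such as 10.192.168.115.
# SetEnvIf Remote_Addr "^192\.168\.1\.[0-9]+$" SELINUX_DOMAIN=*:s0:c1
# SetEnvIf Remote_Addr "^192\.168\.2\.[0-9]+$" SELINUX_DOMAIN=*:s0:c2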
# selinuxDomainMap /var/www/mod_selinux.map
# selinuxDomainEnv SELINUX_DOMAIN
# selinuxDomainVal anon_webapp_t:SystemLow
#
#
#
# Use Case: Virtual Host based separation
# ---------------------------------------
#
# NameVirtualHost *:80
#
# <VirtualHost *:80>
# DocumentRoot /var/www/html
# ServerName dog.example.com
# selinuxDomainVal *:s0:c1
# </VirtualHost>
#
# <VirtualHost *:80>
# DocumentRoot /var/www/html
# ServerName cat.example.com
# selinuxDomainVal *:s0:c2
# </VirtualHost>
#
# Use Case: Authentication integration with RDBMS
# -----------------------------------------------
#
# LoadModule dbd_module modules/mod_dbd.so
# LoadModule authn_dbd_module modules/mod_authn_dbd.so
#
# DBDriver pgsql
# DBDParams "dbname=web user=apache"
# # NOTE: Don't forget to install the apr-util-pgsql package,
# # which mod_dbd needs to connect to PostgreSQL.
#
#
# # Digest authentication
# # ---------------------
# # AuthType Digest
# # AuthName "Secret Zone"
# # AuthDigestProvider dbd
# # AuthDBDUserRealmQuery \
# # "SELECT md5(uname || ':' || $2 || ':' || upass), udomain, \
# # %s=%s as dummy FROM uaccount WHERE uname = $1"
#
# # SELinux context mapping
# # -----------------------
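# # mod_authn_dbd exports extra result columns as AUTHENTICATE_<COLUMN>,
# # so the udomain column of the query above arrives as AUTHENTICATE_UDOMAIN.
# selinuxDomainEnv AUTHENTICATE_UDOMAIN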
# selinuxDomainVal anon_webapp_t:SystemLow
#
#
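# We assume PostgreSQL runs on the local machine and allows the apache
# user to connect to the web database without a password.
# Note that the query above hashes upass at lookup time, so this example
# keeps clear-text passwords in the table; storing the precomputed
# md5(uname:realm:password) value instead avoids that.
# In addition, the uaccount table should be defined as follows: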
#
# CREATE TABLE uaccount (
# uname TEXT PRIMARY KEY,
# upass TEXT NOT NULL,
# udomain TEXT
# );
# INSERT INTO uaccount VALUES ('foo', 'xxx', 'user_webapp_t:s0:c0');
# INSERT INTO uaccount VALUES ('var', 'yyy', 'staff_webapp_t:s0:c1');
# INSERT INTO uaccount VALUES ('baz', 'zzz', 'anon_webapp_t:s0:c2');
#