Patrick Chiang wrote:
Dear all,
I'm new to SELinux,
hopefully my question is not a FAQ,
I've googled around for a while but still no clues at all.
while I run sestatus, I found these messages...
allow_ypbind inactive
httpd_disable_trans inactive
httpd_enable_cgi active
httpd_enable_homedirs active
httpd_ssi_exec active
httpd_unified active
named_disable_trans inactive
named_write_master_zonesinactive
some of them are easy to understand,
but the rest phrases, such as named_disable_trans, httpd_unified, are
rather difficult.
If you use system-config-securitylevel, these booleans get a better
translation. It probably would be
a good idea to use the translation table in s-c-sl for this tool. (Put
it on my todo list. :^))
SERVICE_disable_trans - if active means that the SERVICE will run
without SELinux protection,
so if I can not get apache to run under SELinux I could specify
setsebool -P httpd_disable_trans 1
And then restart httpd, it will now run under unconfined_t instead of
httpd_t.
httpd_unified - tells policy to treat all files marked as httpd content
the same way.
So httpd and freiends can read/write/execute all content.
Does anybody know how to decode these?
TIA,
Patrick
--
fedora-selinux-list mailing list
fedora-selinux-list(a)redhat.com
http://www.redhat.com/mailman/listinfo/fedora-selinux-list