We are working on the Fedora SELinux FAQ
Dominick Grift
domg472 at gmail.com
Fri Jan 22 23:48:40 UTC 2010
On 01/22/2010 01:48 PM, Daniel J Walsh wrote:
> Any comments? What should we add? What should we remove?
>
> http://sradvan.fedorapeople.org/SELinux_FAQ/#id2654720
>
>
> Dan
00:24 < dgrift> reading http://sradvan.fedorapeople.org/SELinux_FAQ/
00:25 < dgrift> two comments. first one i think most will agree with
regard to "Now, su/sudo only change the Linux identity."
00:25 < dgrift> sudo does domain transitions afaik (i use it every day)
00:27 < dgrift> its easier by default than the newrole command with su
as this requires you to type two passwords. one to identify as the
user (newrole) and one to identify as root (su)
00:28 < dgrift> second comment i do not think may will agree and i dont
know why: "What is the difference between a domain and a type? "
00:28 < dgrift> a domain is not a type. a domain type is a type
00:29 < dgrift> a domain is like an environment: it is all the rules
where a particular domain type is the source in an interaction.
00:38 < dgrift> "How do I enable/disable SELinux protection on specific
daemons under the targeted policy?" that answer also does not
apply on all systems.
00:39 < dgrift> workaround is to label apaches executable file with type
bin_t. That will cause apache to run in the init script
domain/environment. which is unconfined by default
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: OpenPGP digital signature
Url : http://lists.fedoraproject.org/pipermail/selinux/attachments/20100123/98119afc/attachment.bin
More information about the selinux
mailing list