Thanks Daniel,
your approach is really smart :)
I used to change the settings by the following,
# cd /etc/selinux/$selinux_policy/
# vi booleans
(change something from F to T or vice versa)
# load_policy policy/policy.18 booleans
now setsebool -P httpd_disable_trans 1 looks much cool :-)
thanks for sharing your experience :)
Patrick
>
If you use system-config-securitylevel, these booleans get a better
translation. It probably would be
a good idea to use the translation table in s-c-sl for this tool. (Put
it on my todo list. :^))
SERVICE_disable_trans - if active means that the SERVICE will run
without SELinux protection,
so if I can not get apache to run under SELinux I could specify
setsebool -P httpd_disable_trans 1
And then restart httpd, it will now run under unconfined_t instead of
httpd_t.
httpd_unified - tells policy to treat all files marked as httpd content
the same way.
So httpd and freiends can read/write/execute all content.
>Does anybody know how to decode these?