Thanks Daniel, your approach is really smart :) I used to change the settings by the following,
# cd /etc/selinux/$selinux_policy/ # vi booleans (change something from F to T or vice versa) # load_policy policy/policy.18 booleans
now setsebool -P httpd_disable_trans 1 looks much cool :-)
thanks for sharing your experience :)
Patrick
If you use system-config-securitylevel, these booleans get a better translation. It probably would be a good idea to use the translation table in s-c-sl for this tool. (Put it on my todo list. :^))
SERVICE_disable_trans - if active means that the SERVICE will run without SELinux protection, so if I can not get apache to run under SELinux I could specify
setsebool -P httpd_disable_trans 1
And then restart httpd, it will now run under unconfined_t instead of httpd_t.
httpd_unified - tells policy to treat all files marked as httpd content the same way. So httpd and freiends can read/write/execute all content.
Does anybody know how to decode these?