applying SELinux policy for httpd
Ivan Gyurdiev
ivg2 at cornell.edu
Thu Nov 3 13:55:10 UTC 2005
Joe Orton wrote:
> I'd also like to mention again that the new FC4 policy of only applying
> SELinux policy if httpd is started from the init script is confusing the
> hell out of people. It breaks the principle of least astonishment. I'd
> much rather live with the fact that SELinux policy is *always* applied,
> and the fallout from that, than see this confusion of people hitting
> SELinux policy issues, get confused, restart httpd, see them disappear,
> etc.
>
> I'd really like to see this change reverted for FC5.
>
Check the state of the "direct_sysadm_daemon" tunable...
I think it should be set to 1 in your case. I am not quite sure of the
justification for a tunable.
More information about the selinux
mailing list