applying SELinux policy for httpd
Stephen Smalley
sds at tycho.nsa.gov
Thu Nov 3 14:02:16 UTC 2005
On Thu, 2005-11-03 at 09:02 -0500, Ivan Gyurdiev wrote:
> > Check the state of the "direct_sysadm_daemon" tunable...
> > I think it should be set to 1 in your case. I am not quite sure of the
> > justification for a tunable.
> Or rather.. maybe it needs to be defined in the sources package from
> which policy is built.
> I always get confused as to whether or not tunables can be changed at
> runtime - IIRC they can't.
In the current policy, tunables are compile-time (handled via m4 macro
expansion) and booleans are runtime (handled via policy language support
for conditional TE rules).
--
Stephen Smalley
National Security Agency
More information about the selinux
mailing list