Correct way to use booleans
Jayson Hurst
swazup at hotmail.com
Thu Feb 20 01:20:21 UTC 2014
Audit2Allow is suggesting that a boolean be turned on.
#!!!! This avc can be allowed using the boolean 'allow_ypbind'
allow vasd_t ldap_port_t:tcp_socket name_bind;
setsebool -P allow_ypbind 1
Should this boolean be enabled via my domains policy, or is this something the system administrator should turn on if they know they will be using NIS?
The same question can be asked for other things like http and samba.
#!!!! This avc can be allowed using one of the these booleans:
# samba_export_all_ro, samba_export_all_rw
allow smbd_t tmp_t:file getattr;
#!!!! This avc can be allowed using one of the these booleans:
# samba_create_home_dirs, samba_export_all_rw
allow smbd_t user_home_dir_t:dir { write create add_name };
setsebool -P samba_export_all_rw 1
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/selinux/attachments/20140219/81dc074c/attachment.html>
More information about the selinux
mailing list