On Sat, 2004-06-05 at 09:11, Khurt Williams wrote:
I installed Fedora Core 2. I did not enable selinux at install. How do I now enable it?
>>This may help >>http://people.redhat.com/kwade/fedora-docs/selinux-faq-en/
But it doesn't. I filed a bugzilla request for having post-install-without-selinux selinux installation instructions added to the faq. I used S.Smalley's remark at the end of https://listman.redhat.com/archives/fedora-selinux-list/2004-May/msg00202.ht...
Chris
The link was very useful. Thanks.
On Sat, 05 Jun 2004 14:43:01 -0400, chris albert christopher.albert@mcgill.ca wrote:
On Sat, 2004-06-05 at 09:11, Khurt Williams wrote:
I installed Fedora Core 2. I did not enable selinux at install. How do I now enable it?
>>This may help >>http://people.redhat.com/kwade/fedora-docs/selinux-faq-en/
But it doesn't. I filed a bugzilla request for having post-install-without-selinux selinux installation instructions added to the faq. I used S.Smalley's remark at the end of https://listman.redhat.com/archives/fedora-selinux-list/2004-May/msg00202.ht...
Chris
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-selinux-list
On Sat, 2004-06-05 at 11:43, chris albert wrote:
On Sat, 2004-06-05 at 09:11, Khurt Williams wrote:
I installed Fedora Core 2. I did not enable selinux at install. How do I now enable it?
>>This may help >>http://people.redhat.com/kwade/fedora-docs/selinux-faq-en/
But it doesn't. I filed a bugzilla request for having post-install-without-selinux selinux installation instructions added to the faq. I used S.Smalley's remark at the end of https://listman.redhat.com/archives/fedora-selinux-list/2004-May/msg00202.ht...
These steps are now included in the FC2 version of the SELinux FAQ. Although that is the current FAQ I have posted, that is about to change since I am working on the FC3test1 FAQ. Here is the now and historical link for this question and answer:
http://people.redhat.com/kwade/fedora-docs/fc2/selinux-faq-en/index.html#id2...
- Karsten
Dear all,
I'm new to SELinux, hopefully my question is not a FAQ, I've googled around for a while but still no clues at all.
while I run sestatus, I found these messages...
allow_ypbind inactive httpd_disable_trans inactive httpd_enable_cgi active httpd_enable_homedirs active httpd_ssi_exec active httpd_unified active named_disable_trans inactive named_write_master_zonesinactive
some of them are easy to understand, but the rest phrases, such as named_disable_trans, httpd_unified, are rather difficult. Does anybody know how to decode these?
TIA,
Patrick
Patrick Chiang wrote:
Dear all,
I'm new to SELinux, hopefully my question is not a FAQ, I've googled around for a while but still no clues at all.
while I run sestatus, I found these messages...
allow_ypbind inactive httpd_disable_trans inactive httpd_enable_cgi active httpd_enable_homedirs active httpd_ssi_exec active httpd_unified active named_disable_trans inactive named_write_master_zonesinactive
some of them are easy to understand, but the rest phrases, such as named_disable_trans, httpd_unified, are rather difficult.
If you use system-config-securitylevel, these booleans get a better translation. It probably would be a good idea to use the translation table in s-c-sl for this tool. (Put it on my todo list. :^))
SERVICE_disable_trans - if active means that the SERVICE will run without SELinux protection, so if I can not get apache to run under SELinux I could specify
setsebool -P httpd_disable_trans 1
And then restart httpd, it will now run under unconfined_t instead of httpd_t.
httpd_unified - tells policy to treat all files marked as httpd content the same way. So httpd and freiends can read/write/execute all content.
Does anybody know how to decode these?
TIA,
Patrick
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-selinux-list
Thanks Daniel, your approach is really smart :) I used to change the settings by the following,
# cd /etc/selinux/$selinux_policy/ # vi booleans (change something from F to T or vice versa) # load_policy policy/policy.18 booleans
now setsebool -P httpd_disable_trans 1 looks much cool :-)
thanks for sharing your experience :)
Patrick
If you use system-config-securitylevel, these booleans get a better translation. It probably would be a good idea to use the translation table in s-c-sl for this tool. (Put it on my todo list. :^))
SERVICE_disable_trans - if active means that the SERVICE will run without SELinux protection, so if I can not get apache to run under SELinux I could specify
setsebool -P httpd_disable_trans 1
And then restart httpd, it will now run under unconfined_t instead of httpd_t.
httpd_unified - tells policy to treat all files marked as httpd content the same way. So httpd and freiends can read/write/execute all content.
Does anybody know how to decode these?
selinux@lists.fedoraproject.org