Dont know the meaning of sestatus's report
Daniel J Walsh
dwalsh at redhat.com
Thu Nov 11 10:59:40 UTC 2004
Patrick Chiang wrote:
>Dear all,
>
>I'm new to SELinux,
>hopefully my question is not a FAQ,
>I've googled around for a while but still no clues at all.
>
>while I run sestatus, I found these messages...
>
>allow_ypbind inactive
>httpd_disable_trans inactive
>httpd_enable_cgi active
>httpd_enable_homedirs active
>httpd_ssi_exec active
>httpd_unified active
>named_disable_trans inactive
>named_write_master_zonesinactive
>
>some of them are easy to understand,
>but the rest phrases, such as named_disable_trans, httpd_unified, are
>rather difficult.
>
>
If you use system-config-securitylevel, these booleans get a better
translation. It probably would be
a good idea to use the translation table in s-c-sl for this tool. (Put
it on my todo list. :^))
SERVICE_disable_trans - if active means that the SERVICE will run
without SELinux protection,
so if I can not get apache to run under SELinux I could specify
setsebool -P httpd_disable_trans 1
And then restart httpd, it will now run under unconfined_t instead of
httpd_t.
httpd_unified - tells policy to treat all files marked as httpd content
the same way.
So httpd and freiends can read/write/execute all content.
>Does anybody know how to decode these?
>
>TIA,
>
>Patrick
>
>--
>fedora-selinux-list mailing list
>fedora-selinux-list at redhat.com
>http://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
>
More information about the fedora-selinux-list
mailing list