SELinux should be off by default in FC3
Colin Walters
walters at redhat.com
Thu Oct 7 18:02:41 UTC 2004
On Thu, 2004-10-07 at 17:36 +0100, Joe Orton wrote:
> That's surely not the whole story if SELinux is on by default and Apache
> is covered by the targetted policy. The fact seems to be that you have
> to know and understand SELinux to be able to do the normal things you do
> with Apache, e.g. write CGI scripts, or change httpd.conf. I can't help
> thinking this will be a large source of user confusion.
That's absolutely true. We're trying to fundamentally improve Linux
security here, and people will have to learn new things. But with the
targeted policy and boolean support, it's also extremely easy to turn
off enforcement just for Apache if you like; run system-config-
securitylevel or setsebool httpd_disable_trans true. Yet another
alternative is to just run in permissive mode and figure out what you
need to change to alter the policy for your needs.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20041007/4676d123/attachment.sig>
More information about the fedora-devel-list
mailing list