How do I tell if SELinux is working?
Colin Walters
walters at redhat.com
Wed Jun 22 23:29:15 UTC 2005
On Wed, 2005-06-22 at 18:45 -0400, Jon August wrote:
> httpd is running with type:
>
> root:system_r:unconfined_t
>
> What does this mean? Is httpd a vulnerability on this machine?
This means that httpd is not confined by the SELinux policy. This means
you have less protection against a compromise or misconfiguration of
httpd or CGI scripts.
Since the default is for it to be enabled, someone (possibly you)
disabled SELinux protection for httpd; you can reenable it by using
system-config-securitylevel (or
"setsebool -P httpd_disable_trans=false").
More information about the fedora-selinux-list
mailing list