FC4 documentation for apache + selinux ?

Timothy Murphy tim at birdsnest.maths.tcd.ie
Fri Jan 6 14:36:38 UTC 2006


Paul Howarth wrote:

> What's the output of:
> 
> # getsebool -a | grep httpd

Thanks to you all for your attempts to help me.
The response to the above query is
-------------------------------
[tim@alfred ~]$ getsebool -a | grep httpd
getsebool:  SELinux is disabled
-------------------------------

I'm not clear why this is,
as when I run system-config-securitylevel
and click on the SELinux tab
there are 3 checkboxes, the first of which
is entitled "Enabled (Modification Requires Reboot)".
This is ticked (and always has been),
which I took to mean that SELinux was enabled.

The second checkbox, which is also ticked, is entitled
"Enforcing Current    Disabled"
which I find unintelligible.

The third checkbox, which is not ticked, is entitled
"Relabel on next reboot",
which I also find unintelligible.


Returning for a moment to the Firewall Options tab,
I'm actually running shorewall, which I am quite happy with,
and would prefer not to change.
(I'm running the standard "two-interfaces" rules.)

If I wanted to run selinux,
do I need to enable the firewall
given in the system-config-securitylevel tab?
Or are the services in the two tabs independent?
If so, might I suggest it would be better
to have two different system-config-* programs?


My position is that I would like to run selinux
if it were reasonably clear how to do this;
but at the moment clicking OK on leaving system-config-securitylevel
has the effect of cutting off my laptop access to the internet.

I don't really feel in any great security danger,
so selinux is not top of my list of priorities;
if it were possible to run it,
after spending say 1 or 2 hours reading the documentation,
and if it did not then affect my current usage,
I would do it.

Of course my situation is not important on a global scale;
but I imagine there must be many Fedora users
whose attitude to selinux is much the same as mine.


I would not have thought it would take very long,
after making what appear to be major changes to SELinux,
to modify the documentation to take account of the changes.





-- 
Timothy Murphy  
e-mail (<80k only): tim /at/ birdsnest.maths.tcd.ie
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland
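
A check for the mismatch described in the message above, where the configuration tool shows SELinux as enabled while `getsebool` reports it as disabled. This is an added example, not part of the original post; the function names are hypothetical, and it assumes the standard locations `/etc/selinux/config`, the selinuxfs `enforce` file and the `/.autorelabel` flag file.

```shell
#!/bin/sh
# Added example: compare the SELinux mode configured for the next boot with
# the mode of the running kernel. Function names are hypothetical.

# Mode set in the config file (standard path: /etc/selinux/config).
configured_mode() {
    cfg="${1:-/etc/selinux/config}"
    [ -r "$cfg" ] || { echo unknown; return 0; }
    # Match SELINUX= only (not SELINUXTYPE= or comment lines); take the first hit.
    mode=$(sed -n 's/^SELINUX=\([A-Za-z]*\).*/\1/p' "$cfg" |
           head -n 1 | tr '[:upper:]' '[:lower:]')
    echo "${mode:-unknown}"
}

# Mode of the running kernel, read from the selinuxfs "enforce" file.
# If no such file is readable, SELinux is not active in this boot.
running_mode() {
    enforce_file="${1:-}"
    if [ -z "$enforce_file" ]; then
        # /selinux is the older mount point, /sys/fs/selinux the newer one.
        for f in /sys/fs/selinux/enforce /selinux/enforce; do
            if [ -r "$f" ]; then enforce_file="$f"; break; fi
        done
    fi
    if [ -z "$enforce_file" ] || [ ! -r "$enforce_file" ]; then
        echo disabled; return 0
    fi
    case "$(cat "$enforce_file")" in
        1) echo enforcing ;;
        0) echo permissive ;;
        *) echo unknown ;;
    esac
}

# One-line summary; /.autorelabel is the flag file that queues a relabel at boot.
selinux_report() {
    cfg_mode=$(configured_mode "${1:-}")
    run_mode=$(running_mode "${2:-}")
    if [ -e "${3:-/.autorelabel}" ]; then relabel=yes; else relabel=no; fi
    if [ "$cfg_mode" = "$run_mode" ]; then verdict=consistent; else verdict=mismatch; fi
    echo "configured=$cfg_mode running=$run_mode relabel_queued=$relabel verdict=$verdict"
}

selinux_report
```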