FC4 documentation for apache + selinux ?
Timothy Murphy
tim at birdsnest.maths.tcd.ie
Fri Jan 6 14:36:38 UTC 2006
Paul Howarth wrote:
> What's the output of:
>
> # getsebool -a | grep httpd
Thanks to you all for your attempts to help me.
The response to the above query is
-------------------------------
[tim at alfred ~]$ getsebool -a | grep httpd
getsebool: SELinux is disabled
-------------------------------
I'm not clear why this is,
as when I run system-config-securitylevel
and click on the SELinux tab
there are 3 checkboxes, the first of which
is entitled "Enabled (Modification Requires Reboot)".
This is ticked (and always has been),
which I took to mean that SELinux was enabled.
The second checkbox, which is also ticked, is entitled
"Enforcing Current Disabled"
which I find unintelligible.
The third checkbox, which is not ticked, is entitled
"Relabel on next reboot",
which I also find unintelligible.
Returning for a moment to the Firewall Options tab,
I'm actually running shorewall, which I am quite happy with,
and would prefer not to change.
(I'm running the standard "two-interfaces" rules.)
If I wanted to run selinux,
do I need to enable the firewall
given in the system-config-securitylevel tab?
Or are the services in the two tabs independent?
If so, might I suggest it would be better
to have two different system-config-* programs?
My position is that I would like to run selinux
if it were reasonably clear how to do this;
but at the moment clicking OK on leaving system-config-securitylevel
has the effect of cutting off my laptop access to the internet.
I don't really feel in any great security danger,
so selinux is not top of my list of priorities;
if it were possible to run it,
after spending say 1 or 2 hours reading the documentation,
and if it did not then affect my current usage,
I would do it.
Of course my situation is not important on a global scale;
but I imagine there must be many Fedora users
whose attitude to selinux is much the same as mine.
I would not have thought it would take very long,
after making what appear to be major changes to SELinux,
to modify the documentation to take account of the changes.
--
Timothy Murphy
e-mail (<80k only): tim /at/ birdsnest.maths.tcd.ie
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland
More information about the fedora-selinux-list
mailing list