getsebool -d
Dominick Grift
domg472 at gmail.com
Thu Oct 1 10:14:22 UTC 2009
On Thu, Oct 01, 2009 at 11:05:36AM +0100, Matthew Ife wrote:
> Would it be possible to add a description flag for getsebool so that it
> will produce a description of a bool out to the user when they pass -d?
>
> One of the problems of getsebool is that it only shows you what bools
> are there but not what they are supposed to do. I expect this should
> make it much more straightforward for sysadmins to implement selinux on
> their systems.
>
> Im aware that man pages do produce useful descriptions of bools however
> I would think it would be much more convenient to do it this way. Also
> some tunables for whatever reason might not be documented in man pages
> or custom policy may not have man pages for it but it could add the bool
> description in XML somewhere else.
>
> Additionally getsebool -a -d should produce a description for all bools
> so a sysadmin can grep for keywords.
semanage boolean -l might help:
[root at notebook2 ~]# semanage boolean -l | grep httpd | head -n 1
httpd_can_network_relay -> off Allow httpd to act as a relay
>
> How feasible would this be to do?
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20091001/6ca5bfeb/attachment.sig>
More information about the fedora-selinux-list
mailing list