Hello,
In a similar way to the way that selinux can be turned on or off for a single service like apache, is there anyway to selectively have permissive mode on just one service and enforcing on all the rest?
On Sun, 2005-01-30 at 12:14, Sitsofe Wheeler wrote:
Hello,
In a similar way to the way that selinux can be turned on or off for a single service like apache, is there anyway to selectively have permissive mode on just one service and enforcing on all the rest?
Not presently. It would however be straightforward to add a macro the policy that includes both the allow rules from unconfined_domain and a corresponding auditallow rule for each such allow rule, so that when you apply that macro to a domain, it will be allowed to do everything but all of its accesses will be audited.
On Sun, 2005-01-30 at 17:14 +0000, Sitsofe Wheeler wrote:
Hello,
In a similar way to the way that selinux can be turned on or off for a single service like apache,
Yes; see:
http://fedora.redhat.com/docs/selinux-faq-fc3/index.html#using-s-c-securityl...
The FAQ should probably also say that you can use e.g. "setsebool -P httpd_disable_trans=1" from the command line.
Also note that you need to restart the service, e.g. "service httpd restart".
On Mon, 2005-01-31 at 11:58 -0500, Colin Walters wrote:
On Sun, 2005-01-30 at 17:14 +0000, Sitsofe Wheeler wrote:
Hello,
In a similar way to the way that selinux can be turned on or off for a single service like apache,
Sorry, I read your question too quickly, Stephen's response is right of course.
selinux@lists.fedoraproject.org
-
Colin Walters -
Sitsofe Wheeler -
Stephen Smalley