On Thu, 2006-03-30 at 10:19 +0100, Paul Howarth wrote:
Why not? You have to modify SELinux booleans to do all sorts of other things, like sharing home directories in samba, running a PHP application on Apache etc.
As it happens, http://bugzilla.livna.org/show_bug.cgi?id=843 shows an alternative fix that could be implemented in livna's driver package (or Core policy) and you wouldn't have to set this boolean, but I wouldn't describe changing a boolean as modifying policy.
Indeed.
Eric, Paul's recommendation is much better than mine. What I recommended does amount to a "policy modification"; it's like hacking the Apache source code to make it do what you want; it's a major change. Paul's method is just configuration tweaking; it's like editing httpd.conf to tweak the behavior.
The SELinux booleans are made precisely for this purpose: to let everyone make slight changes to the way their system behaves. If you were annoyed before that you had to change the policy to achieve a goal, the booleans are the answer to your need - they're there to give you "ropes and buttons" that go and control the system in a non-intrusive way.