[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Boolean support in latest SELinux policy.

From: Daniel J Walsh <dwalsh redhat com>
To: "Fedora SELinux support list for users & developers." <fedora-selinux-list redhat com>, Karsten Wade <kwade redhat com>
Cc:
Subject: Boolean support in latest SELinux policy.
Date: Mon, 12 Apr 2004 11:36:39 -0400

There is a new feature in SELinux that allows you to modify a running policy. Basically you can define booleans in policy that an admin can then decide to turn on or off. To allow users to ping you can execute the following command.

> ping 4.2.2.2
ping: icmp open socket: Permission denied
> show_bools
user_ping --> active: 0 pending: 0

As root
# change_bool user_ping 1

> show_bools
user_ping --> active: 1 pending: 1

>ping 4.2.2.2
PING 4.2.2.2 (4.2.2.2) 56(84) bytes of data.
64 bytes from 4.2.2.2: icmp_seq=0 ttl=248 time=10.0 ms
64 bytes from 4.2.2.2: icmp_seq=1 ttl=248 time=10.6 ms

To show the available booleans you can use show_bools.
show_bools
user_ping --> active: 0 pending: 0

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]