Re: SELinux should be off by default in FC3

On Thu, 2004-10-07 at 17:36 +0100, Joe Orton wrote:

> That's surely not the whole story if SELinux is on by default and Apache
> is covered by the targeted policy.  The fact seems to be that you have
> to know and understand SELinux to be able to do the normal things you do
> with Apache, e.g. write CGI scripts, or change httpd.conf.  I can't help
> thinking this will be a large source of user confusion.

That's absolutely true.  We're trying to fundamentally improve Linux
security here, and people will have to learn new things.  But with the
targeted policy and boolean support, it's also extremely easy to turn
off enforcement just for Apache if you like; run
system-config-securitylevel or setsebool httpd_disable_trans true.  Yet another
alternative is to just run in permissive mode and figure out what you
need to change to alter the policy for your needs.
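
An added example, not part of the original message: one way to do the "figure out what you need to change" step after running in permissive mode, by grouping logged AVC denials for httpd by target type and object class. The log lines are constructed samples modelled on the kernel's AVC message format, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample AVC messages, modelled on the kernel's audit log format.
SAMPLE_LOG = """\
audit(1097167001.101:0): avc:  denied  { read } for  pid=2201 exe=/usr/sbin/httpd name=index.html dev=hda2 ino=4711 scontext=root:system_r:httpd_t tcontext=user_u:object_r:user_home_t tclass=file
audit(1097167001.105:0): avc:  denied  { getattr } for  pid=2201 exe=/usr/sbin/httpd path=/home/joe/public_html/index.html dev=hda2 ino=4711 scontext=root:system_r:httpd_t tcontext=user_u:object_r:user_home_t tclass=file
audit(1097167002.220:0): avc:  denied  { search } for  pid=2201 exe=/usr/sbin/httpd name=joe dev=hda2 ino=4700 scontext=root:system_r:httpd_t tcontext=user_u:object_r:user_home_dir_t tclass=dir
audit(1097167003.000:0): avc:  granted  { setenforce } for  pid=1 exe=/sbin/init scontext=system_u:system_r:init_t tcontext=system_u:object_r:security_t tclass=security
"""

# Match only denials; capture the permission set and both security contexts.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def context_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context

def summarize_denials(log_text, source_type=None):
    """Group denied permissions by (source type, target type, object class)."""
    denials = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # "granted" messages and non-AVC lines are skipped
        src = context_type(m.group("scon"))
        if source_type and src != source_type:
            continue
        key = (src, context_type(m.group("tcon")), m.group("tclass"))
        denials[key].update(m.group("perms").split())
    return {k: sorted(v) for k, v in denials.items()}

def as_allow_rules(summary):
    """Render the summary as candidate policy rules for human review."""
    return [f"allow {s} {t}:{c} {{ {' '.join(p)} }};"
            for (s, t, c), p in sorted(summary.items())]

if __name__ == "__main__":
    for rule in as_allow_rules(summarize_denials(SAMPLE_LOG, "httpd_t")):
        print(rule)
```

The rendered rules are candidates to review, not changes to apply blindly: a denial on a home-directory type may be better fixed by relabelling the content than by widening what httpd_t may read.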

