On Thu, 2004-10-07 at 17:36 +0100, Joe Orton wrote: > That's surely not the whole story if SELinux is on by default and Apache > is covered by the targetted policy. The fact seems to be that you have > to know and understand SELinux to be able to do the normal things you do > with Apache, e.g. write CGI scripts, or change httpd.conf. I can't help > thinking this will be a large source of user confusion. That's absolutely true. We're trying to fundamentally improve Linux security here, and people will have to learn new things. But with the targeted policy and boolean support, it's also extremely easy to turn off enforcement just for Apache if you like; run system-config- securitylevel or setsebool httpd_disable_trans true. Yet another alternative is to just run in permissive mode and figure out what you need to change to alter the policy for your needs.
Attachment:
signature.asc
Description: This is a digitally signed message part
