Thanks Daniel, your approach is really smart :) I used to change the settings by the following, # cd /etc/selinux/$selinux_policy/ # vi booleans (change something from F to T or vice versa) # load_policy policy/policy.18 booleans now setsebool -P httpd_disable_trans 1 looks much cool :-) thanks for sharing your experience :) Patrick > > > If you use system-config-securitylevel, these booleans get a better > translation. It probably would be > a good idea to use the translation table in s-c-sl for this tool. (Put > it on my todo list. :^)) > > SERVICE_disable_trans - if active means that the SERVICE will run > without SELinux protection, > so if I can not get apache to run under SELinux I could specify > > setsebool -P httpd_disable_trans 1 > > And then restart httpd, it will now run under unconfined_t instead of > httpd_t. > > httpd_unified - tells policy to treat all files marked as httpd content > the same way. > So httpd and freiends can read/write/execute all content. > > >Does anybody know how to decode these?
