Ivan Gyurdiev wrote:
Joe Orton wrote:
I'd also like to mention again that the new FC4 policy of only
applying SELinux policy if httpd is started from the init script is
confusing the hell out of people. It breaks the principle of least
astonishment. I'd much rather live with the fact that SELinux policy
is *always* applied, and the fallout from that, than see this
confusion of people hitting SELinux policy issues, get confused,
restart httpd, see them disappear, etc.
I'd really like to see this change reverted for FC5.
Check the state of the "direct_sysadm_daemon" tunable...
I think it should be set to 1 in your case. I am not quite sure of the
justification for a tunable.
Or rather.. maybe it needs to be defined in the sources package from
which policy is built.
I always get confused as to whether or not tunables can be changed at
runtime - IIRC they can't.
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
