On Thu, Oct 01, 2009 at 11:05:36AM +0100, Matthew Ife wrote: > Would it be possible to add a description flag for getsebool so that it > will produce a description of a bool out to the user when they pass -d? > > One of the problems of getsebool is that it only shows you what bools > are there but not what they are supposed to do. I expect this should > make it much more straightforward for sysadmins to implement selinux on > their systems. > > Im aware that man pages do produce useful descriptions of bools however > I would think it would be much more convenient to do it this way. Also > some tunables for whatever reason might not be documented in man pages > or custom policy may not have man pages for it but it could add the bool > description in XML somewhere else. > > Additionally getsebool -a -d should produce a description for all bools > so a sysadmin can grep for keywords. semanage boolean -l might help: [root@notebook2 ~]# semanage boolean -l | grep httpd | head -n 1 httpd_can_network_relay -> off Allow httpd to act as a relay > > How feasible would this be to do? > > -- > fedora-selinux-list mailing list > fedora-selinux-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Attachment:
pgp5Tw4bYUvlB.pgp
Description: PGP signature
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list