On 01/22/2010 01:48 PM, Daniel J Walsh wrote: > Any comments? What should we add? What should we remove? > > http://sradvan.fedorapeople.org/SELinux_FAQ/#id2654720 > > > Dan 00:24 < dgrift> reading http://sradvan.fedorapeople.org/SELinux_FAQ/ 00:25 < dgrift> two comments. first one i think most will agree with regard to "Now, su/sudo only change the Linux identity." 00:25 < dgrift> sudo does domain transitions afaik (i use it every day) 00:27 < dgrift> its easier by default than the newrole command with su as this requires you to type two passwords. one to identify as the user (newrole) and one to identify as root (su) 00:28 < dgrift> second comment i do not think may will agree and i dont know why: "What is the difference between a domain and a type? " 00:28 < dgrift> a domain is not a type. a domain type is a type 00:29 < dgrift> a domain is like an environment: it is all the rules where a particular domain type is the source in an interaction. 00:38 < dgrift> "How do I enable/disable SELinux protection on specific daemons under the targeted policy?" that answer also does not apply on all systems. 00:39 < dgrift> workaround is to label apaches executable file with type bin_t. That will cause apache to run in the init script domain/environment. which is unconfined by default
Attachment:
signature.asc
Description: OpenPGP digital signature
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
