LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   Disabling SELinux on httpd put it in initrc_t type rather than unconfined_t (https://www.linuxquestions.org/questions/linux-security-4/disabling-selinux-on-httpd-put-it-in-initrc_t-type-rather-than-unconfined_t-819644/)

n03x3c 07-13-2010 01:46 PM
Disabling SELinux on httpd put it in initrc_t type rather than unconfined_t
 
Sys: RHEL 5
Policy version: 21
Policy: Targeted
Mode: Enforcing

Hello friends,

I am learning SELinux from LinuxCBT and I'm stuck at one place. Now video is on RHEL 4 (so tell me if things has changed since, cause I can't find anything related) shows how to disable SELinux security on httpd. It's following way

Code:
# echo "1 1" > /selinux/booleans/httpd_disable_trans
# echo "1" > /selinux/commit_pending_bools
# service httpd restart
And then I use

Code:
# ps auxZ | grep apache
I see that apache service is not having type unconfined_t (as shown in video) but initrc_t

FYI, same with syslogd.

So, first I don't know diff between initrc_t and uncofined_t; and second I don't know if something is wrong is everything is all right.

Any help would be appreciated.

blacky_5251 07-15-2010 09:23 PM
Here's a quote taken from http://www.redhat.com/magazine/006ap...tures/selinux/.
Quote:
The daemons that have policy written for them will run in their own domains by default, but the administrator may configure them to run in the domain unconfined_t by specifying that they should not have a domain transition when executed. For example the command
Code:
setsebool -P httpd_disable_trans 0
causes the httpd process to run in domain unconfined_t. Every daemon has a boolean to cause it to run in the unconfined_t domain. This can be used if the administrator is unable to get it working correctly in its own domain (although it is recommended that for best security the policy be modified if necessary to permit the daemon in question to run in a restrictive domain). Running daemons in the unconfined_t domain in this manner reduces the security of the system and should be avoided if possible.
Does that explain it for you?


All times are GMT -5. The time now is 09:03 AM.