LinuxQuestions.org
Help answer threads with 0 replies.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page Disabling SELinux on httpd put it in initrc_t type rather than unconfined_t
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 07-13-2010, 01:46 PM   #1
n03x3c
Member
 
Registered: Aug 2008
Location: India
Distribution: Fedora, RedHat
Posts: 101

Rep: Reputation: 17
Disabling SELinux on httpd put it in initrc_t type rather than unconfined_t

Sys: RHEL 5
Policy version: 21
Policy: Targeted
Mode: Enforcing

Hello friends,

I am learning SELinux from LinuxCBT and I'm stuck at one place. Now video is on RHEL 4 (so tell me if things has changed since, cause I can't find anything related) shows how to disable SELinux security on httpd. It's following way

Code:
# echo "1 1" > /selinux/booleans/httpd_disable_trans
# echo "1" > /selinux/commit_pending_bools
# service httpd restart
And then I use

Code:
# ps auxZ | grep apache
I see that apache service is not having type unconfined_t (as shown in video) but initrc_t

FYI, same with syslogd.

So, first I don't know diff between initrc_t and uncofined_t; and second I don't know if something is wrong is everything is all right.

Any help would be appreciated.
 
Old 07-15-2010, 09:23 PM   #2
blacky_5251
Member
 
Registered: Oct 2004
Location: Adelaide Hills, South Australia
Distribution: RHEL 5&6 CentOS 5, 6 & 7
Posts: 573

Rep: Reputation: 61
Here's a quote taken from http://www.redhat.com/magazine/006ap...tures/selinux/.
Quote:
The daemons that have policy written for them will run in their own domains by default, but the administrator may configure them to run in the domain unconfined_t by specifying that they should not have a domain transition when executed. For example the command
Code:
setsebool -P httpd_disable_trans 0
causes the httpd process to run in domain unconfined_t. Every daemon has a boolean to cause it to run in the unconfined_t domain. This can be used if the administrator is unable to get it working correctly in its own domain (although it is recommended that for best security the policy be modified if necessary to permit the daemon in question to run in a restrictive domain). Running daemons in the unconfined_t domain in this manner reduces the security of the system and should be avoided if possible.
Does that explain it for you?
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
selinux with vsftpd and httpd swpr Linux - Security 4 06-28-2006 05:49 AM
disabling mysqld and httpd webinsek Linux - Newbie 3 03-25-2006 12:13 PM
Disabling SElinux Opacus Fedora 1 01-14-2005 08:04 AM
disabling httpd adun Linux - Newbie 2 01-31-2003 07:51 AM
disabling httpd adun Linux - Networking 1 01-30-2003 10:03 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 02:53 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration