Share your knowledge at the LQ Wiki.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 07-13-2010, 01:46 PM   #1
Registered: Aug 2008
Location: India
Distribution: Fedora, RedHat
Posts: 101

Rep: Reputation: 17
Disabling SELinux on httpd put it in initrc_t type rather than unconfined_t

Sys: RHEL 5
Policy version: 21
Policy: Targeted
Mode: Enforcing

Hello friends,

I am learning SELinux from LinuxCBT and I'm stuck at one place. Now video is on RHEL 4 (so tell me if things has changed since, cause I can't find anything related) shows how to disable SELinux security on httpd. It's following way

# echo "1 1" > /selinux/booleans/httpd_disable_trans
# echo "1" > /selinux/commit_pending_bools
# service httpd restart
And then I use

# ps auxZ | grep apache
I see that apache service is not having type unconfined_t (as shown in video) but initrc_t

FYI, same with syslogd.

So, first I don't know diff between initrc_t and uncofined_t; and second I don't know if something is wrong is everything is all right.

Any help would be appreciated.
Old 07-15-2010, 09:23 PM   #2
Registered: Oct 2004
Location: Adelaide Hills, South Australia
Distribution: RHEL 5&6 CentOS 5, 6 & 7
Posts: 573

Rep: Reputation: 61
Here's a quote taken from
The daemons that have policy written for them will run in their own domains by default, but the administrator may configure them to run in the domain unconfined_t by specifying that they should not have a domain transition when executed. For example the command
setsebool -P httpd_disable_trans 0
causes the httpd process to run in domain unconfined_t. Every daemon has a boolean to cause it to run in the unconfined_t domain. This can be used if the administrator is unable to get it working correctly in its own domain (although it is recommended that for best security the policy be modified if necessary to permit the daemon in question to run in a restrictive domain). Running daemons in the unconfined_t domain in this manner reduces the security of the system and should be avoided if possible.
Does that explain it for you?


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
selinux with vsftpd and httpd swpr Linux - Security 4 06-28-2006 05:49 AM
disabling mysqld and httpd webinsek Linux - Newbie 3 03-25-2006 12:13 PM
Disabling SElinux Opacus Fedora 1 01-14-2005 08:04 AM
disabling httpd adun Linux - Newbie 2 01-31-2003 07:51 AM
disabling httpd adun Linux - Networking 1 01-30-2003 10:03 PM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 05:01 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration