Ok I have given up on getting httpd to work under selinux I would like it disabled it for httpd. I know how to do that temporary with setsebool but how does one make that permanent?
Maybe when I have some time to spare :) I can come back to it.
Arthur Stephens Senior Sales Technician Ptera Wireless Internet astephens@ptera.net 509-927-Ptera
Arthur Stephens wrote:
Ok I have given up on getting httpd to work under selinux I would like it disabled it for httpd. I know how to do that temporary with setsebool but how does one make that permanent?
Maybe when I have some time to spare :) I can come back to it.
Arthur Stephens Senior Sales Technician Ptera Wireless Internet astephens@ptera.net mailto:astephens@ptera.net 509-927-Ptera
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-selinux-list
setsebool -P XYZ=0 permanantly turns off boolean XYZ. system-config-securitylevel also does this.
I have no GUI - this is just a server.
setsebool -P XYZ=0 permanantly turns off boolean XYZ.
I typed setsebool -P httpd_disable_trans=1 Returned usage: setsebool boolean value
system-config-securitylevel also does this.
This gives me only one option firewall
: (
Arthur Stephens Senior Sales Technician Ptera Wireless Internet astephens@ptera.net 509-927-Ptera
----- Original Message ----- From: "Daniel J Walsh" dwalsh@redhat.com To: "Fedora SELinux support list for users & developers." fedora-selinux-list@redhat.com Sent: Thursday, December 09, 2004 12:05 PM Subject: Re: disable selinux for httpd
Arthur Stephens wrote:
Ok I have given up on getting httpd to work under selinux I would like it disabled it for httpd. I know how to do that temporary with setsebool but how does one make that permanent?
Maybe when I have some time to spare :) I can come back to it.
Arthur Stephens Senior Sales Technician Ptera Wireless Internet astephens@ptera.net mailto:astephens@ptera.net 509-927-Ptera
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-selinux-list
setsebool -P XYZ=0 permanantly turns off boolean XYZ. system-config-securitylevel also does this.
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-selinux-list
On Thu, Dec 09, 2004 at 12:19:41PM -0800, Arthur Stephens wrote:
I have no GUI - this is just a server.
setsebool -P XYZ=0 permanantly turns off boolean XYZ.
I typed setsebool -P httpd_disable_trans=1 Returned usage: setsebool boolean value
setsebool -P httpd_disable_trans 1
is the correct syntax.
joe
Joe Orton wrote:
On Thu, Dec 09, 2004 at 12:19:41PM -0800, Arthur Stephens wrote:
I have no GUI - this is just a server.
setsebool -P XYZ=0 permanantly turns off boolean XYZ.
I typed setsebool -P httpd_disable_trans=1 Returned usage: setsebool boolean value
setsebool -P httpd_disable_trans 1
is the correct syntax.
joe
Either should work with libselinux-1.19.1-8.
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-selinux-list
On Thu, Dec 09, 2004 at 03:41:58PM -0500, Daniel J Walsh wrote:
Joe Orton wrote:
On Thu, Dec 09, 2004 at 12:19:41PM -0800, Arthur Stephens wrote:
I typed setsebool -P httpd_disable_trans=1 Returned usage: setsebool boolean value
setsebool -P httpd_disable_trans 1
is the correct syntax.
joe
Either should work with libselinux-1.19.1-8.
I think Arthur has the original FC3 package for which in fact neither work ;)
joe
Arthur Stephens wrote:
I have no GUI - this is just a server.
setsebool -P XYZ=0 permanantly turns off boolean XYZ.
I typed setsebool -P httpd_disable_trans=1 Returned usage: setsebool boolean value
system-config-securitylevel also does this.
This gives me only one option firewall
This sounds like you are not running SELinux or are on a screwed up machine.
What does id -Z return?
What does sestatus return?
: (
Arthur Stephens Senior Sales Technician Ptera Wireless Internet astephens@ptera.net 509-927-Ptera
----- Original Message ----- From: "Daniel J Walsh" dwalsh@redhat.com To: "Fedora SELinux support list for users & developers." fedora-selinux-list@redhat.com Sent: Thursday, December 09, 2004 12:05 PM Subject: Re: disable selinux for httpd
Arthur Stephens wrote:
Ok I have given up on getting httpd to work under selinux I would like it disabled it for httpd. I know how to do that temporary with setsebool but how does one make that permanent?
Maybe when I have some time to spare :) I can come back to it.
Arthur Stephens Senior Sales Technician Ptera Wireless Internet astephens@ptera.net mailto:astephens@ptera.net 509-927-Ptera
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-selinux-list
setsebool -P XYZ=0 permanantly turns off boolean XYZ. system-config-securitylevel also does this.
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-selinux-list
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-selinux-list
What does id -Z return?
root:system_r:unconfined_t
What does sestatus return?
SELinux status: enabled SELinuxfs mount: /selinux Current mode: enforcing Policy version: 18
Policy booleans: allow_ypbind active dhcpd_disable_trans inactive httpd_disable_trans active httpd_enable_cgi active httpd_enable_homedirs active httpd_ssi_exec active httpd_tty_comm inactive httpd_unified active mysqld_disable_trans inactive named_disable_trans inactive named_write_master_zonesinactive nscd_disable_trans inactive ntpd_disable_trans inactive portmap_disable_trans inactive postgresql_disable_transinactive snmpd_disable_trans inactive squid_disable_trans inactive syslogd_disable_trans inactive ypbind_disable_trans inactive
----- Original Message ----- From: "Daniel J Walsh" dwalsh@redhat.com To: "Fedora SELinux support list for users & developers." fedora-selinux-list@redhat.com Sent: Thursday, December 09, 2004 12:40 PM Subject: Re: disable selinux for httpd
Arthur Stephens wrote:
I have no GUI - this is just a server.
setsebool -P XYZ=0 permanantly turns off boolean XYZ.
I typed setsebool -P httpd_disable_trans=1 Returned usage: setsebool boolean value
system-config-securitylevel also does this.
This gives me only one option firewall
This sounds like you are not running SELinux or are on a screwed up
machine.
What does id -Z return?
What does sestatus return?
: (
Arthur Stephens Senior Sales Technician Ptera Wireless Internet astephens@ptera.net 509-927-Ptera
----- Original Message ----- From: "Daniel J Walsh" dwalsh@redhat.com To: "Fedora SELinux support list for users & developers." fedora-selinux-list@redhat.com Sent: Thursday, December 09, 2004 12:05 PM Subject: Re: disable selinux for httpd
Arthur Stephens wrote:
Ok I have given up on getting httpd to work under selinux I would like it disabled it for httpd. I know how to do that temporary with setsebool but how does one make that permanent?
Maybe when I have some time to spare :) I can come back to it.
Arthur Stephens Senior Sales Technician Ptera Wireless Internet astephens@ptera.net mailto:astephens@ptera.net 509-927-Ptera
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-selinux-list
setsebool -P XYZ=0 permanantly turns off boolean XYZ. system-config-securitylevel also does this.
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-selinux-list
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-selinux-list
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-selinux-list
On Thu, 2004-12-09 at 15:40 -0500, Daniel J Walsh wrote:
Arthur Stephens wrote:
I have no GUI - this is just a server.
This sounds like you are not running SELinux or are on a screwed up machine.
What does id -Z return?
What does sestatus return?
system-config-securitylevel-tui does not have the SELinux tab in shipping FC3, right?
Karsten Wade wrote:
On Thu, 2004-12-09 at 15:40 -0500, Daniel J Walsh wrote:
Arthur Stephens wrote:
I have no GUI - this is just a server.
This sounds like you are not running SELinux or are on a screwed up machine.
What does id -Z return?
What does sestatus return?
system-config-securitylevel-tui does not have the SELinux tab in shipping FC3, right?
Yes, we only support X-Windows version.
On Fri, 2004-12-10 at 13:38, Ken Snider wrote:
Daniel J Walsh wrote:
Yes, we only support X-Windows version.
There *is* a TUI/Command line way to change these settings however.. yes?
You can always edit /etc/selinux/config or /etc/selinux/(strict|targeted)/booleans directly. setbool also has a -P option to update the booleans file as well as change the current setting.
Any particular reason that system-config-securitylevel tui doesn't support SELinux settings? Shouldn't be hard, right?
On Fri, 2004-12-10 at 13:42 -0500, Stephen Smalley wrote:
On Fri, 2004-12-10 at 13:38, Ken Snider wrote:
Daniel J Walsh wrote:
Yes, we only support X-Windows version.
There *is* a TUI/Command line way to change these settings however.. yes?
You can always edit /etc/selinux/config or /etc/selinux/(strict|targeted)/booleans directly. setbool also has a -P option to update the booleans file as well as change the current setting.
Any particular reason that system-config-securitylevel tui doesn't support SELinux settings? Shouldn't be hard, right?
I imagine just a time issue, I think all the selinux stuff is within selinuxPage rather than lokkit.c. We probably should dump lokkit.c and have a python backend then cli/tui/gui ontop properly.
Paul
Paul Nasrat wrote:
On Fri, 2004-12-10 at 13:42 -0500, Stephen Smalley wrote:
On Fri, 2004-12-10 at 13:38, Ken Snider wrote:
Daniel J Walsh wrote:
Yes, we only support X-Windows version.
There *is* a TUI/Command line way to change these settings however.. yes?
You can always edit /etc/selinux/config or /etc/selinux/(strict|targeted)/booleans directly. setbool also has a -P option to update the booleans file as well as change the current setting.
Any particular reason that system-config-securitylevel tui doesn't support SELinux settings? Shouldn't be hard, right?
I imagine just a time issue, I think all the selinux stuff is within selinuxPage rather than lokkit.c. We probably should dump lokkit.c and have a python backend then cli/tui/gui ontop properly.
Yup, alot easier to do in python then in "c".
Paul
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-selinux-list
Am Do, den 09.12.2004 schrieb Arthur Stephens um 21:04:
Ok I have given up on getting httpd to work under selinux I would like it disabled it for httpd. I know how to do that temporary with setsebool but how does one make that permanent?
Maybe when I have some time to spare :) I can come back to it.
Arthur Stephens
Use the GUI tool system-config-securitylevel. It's on the second tab.
Alexander
No GUI and system-config-securitylevel gives me only one option firewall
----- Original Message ----- From: "Alexander Dalloz" ad+lists@uni-x.org To: "Fedora SELinux support list for users & developers." fedora-selinux-list@redhat.com Sent: Thursday, December 09, 2004 12:07 PM Subject: Re: disable selinux for httpd
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-selinux-list
I'm curious about the problem with httpd and selinux. I'm running FC3 and Apache-2.0.52 with Selinux in enforcing mode and at least the basic stuff seems to work. What problems are you seeing?
Dave
Arthur Stephens wrote:
Ok I have given up on getting httpd to work under selinux I would like it disabled it for httpd. I know how to do that temporary with setsebool but how does one make that permanent?
Maybe when I have some time to spare :) I can come back to it.
Arthur Stephens Senior Sales Technician Ptera Wireless Internet astephens@ptera.net mailto:astephens@ptera.net 509-927-Ptera
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-selinux-list
On Thu, 2004-12-09 at 17:41 -0800, Dave Mack wrote:
I'm curious about the problem with httpd and selinux. I'm running FC3 and Apache-2.0.52 with Selinux in enforcing mode and at least the basic stuff seems to work. What problems are you seeing?
Check the list archives starting 29 November for the full saga.
Arthur, sorry it's not working out. :( Better luck in the future, I hope.
- Karsten
Dave
Arthur Stephens wrote:
Ok I have given up on getting httpd to work under selinux I would like it disabled it for httpd. I know how to do that temporary with setsebool but how does one make that permanent?
Maybe when I have some time to spare :) I can come back to it.
Arthur Stephens Senior Sales Technician Ptera Wireless Internet astephens@ptera.net mailto:astephens@ptera.net 509-927-Ptera
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-selinux-list
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-selinux-list
selinux@lists.fedoraproject.org
-
Alexander Dalloz -
Arthur Stephens -
Daniel J Walsh -
Dave Mack -
Joe Orton -
Karsten Wade -
Ken Snider -
Paul Nasrat -
Stephen Smalley