66


Chapter 5. Controlling and Maintaining SELinux


You can configure all of these settings using system config securitylevel. The same configuration


files are used, so changes show up bidirectionally.


To set SELinux to enforcing, choose the SELinux tab and select the checkboxes next to Enabled


(Modification Requires Reboot) and Enforcing. After clicking OK, you need to reboot if you


have just enabled SELinux from disabled.


To set SELinux to permissive mode, deselect the checkbox next to Enforcing. The mode changes


when you click the OK button.


To disable SELinux enforcement over a targeted daemon, you are setting a Boolean value so that


SELinux does not transition the program to the targeted domain.


In the SELinux tab, under the Modify SELinux Policy section, there is a menu SELinux Service


Protection. Clicking on the triangle opens that menu, where you can choose to Disable SELinux


protection for foo daemon. Clicking the OK button makes the change take effect.


If you are interested in controlling these configurables with scripts, the tools


setenforce(1)


,


getenforce(1)


, and


selinuxenabled(1)


may be useful to you.


5.2.8. Change a Boolean Setting


Booleans are reconfigurable in runtime, and you can choose to write the setting to the configuration


files for the next policy load.


The reliable command line method is to use


setsebool


:


setsebool httpd_enable_homedirs 1


By itself,


setsebool


only changes the current state of the Booleans. The


 P


option writes all pending


changes to the file


/etc/selinux/targeted/booleans


. In this example you are enabling policy


enforcement for a list of daemons:


# Any *_disable_trans set to 1 are invoking the conditional that


# prevents the process from transitioning to the domain on exec:


grep disable /etc/selinux/targeted/booleans | grep 1


httpd_disable_trans=1


mysqld_disable_trans=1


ntpd_disable_trans=1


# You can pass any number of boolean_value=0|1


setsebool  P httpd_disable_trans=0 mysqld_disable_trans=0 \


ntpd_disable_trans=0


grep disable booleans | grep 1


If you already know the setting of a Boolean, you can use


togglesebool boolean_name


to flip


the setting.


Using system config securitylevel, Boolean control is in the SELinux tab, under the Modify


SELinux Policy section. Each Boolean has a checkbox in the menu. Settings take effect when you


click OK.








footer






  


 


 


        

 


 

  

    

      
      
 Home 
      | About Us | Network 
      | Services | Support 
      | FAQ | Control Panel 
      | Order Online |
      Sitemap | Contact

      

      adult web hosting

      
 

    

  

  




Our partners: 
PHP: Hypertext Preprocessor Best Web Hosting
Java Web Hosting
Inexpensive Web Hosting 
Jsp Web Hosting 




Cheapest Web Hosting
Jsp Hosting
Cheap Hosting



Visionwebhosting.net Business web hosting division of Web 
Design Plus. All rights reserved