On Thu, 2006-03-30 at 10:19 +0100, Paul Howarth wrote: > Why not? You have to modify SELinux booleans to do all sorts of other > things, like sharing home directories in samba, running a PHP > application on Apache etc. > > As it happens, http://bugzilla.livna.org/show_bug.cgi?id=843 shows an > alternative fix that could be implemented in livna's driver package (or > Core policy) and you wouldn't have to set this boolean, but I wouldn't > describe changing a boolean as modifying policy. Indeed. Eric, Paul's recommendation is much better than mine. What I recommended does amount to a "policy modification"; it's like hacking the Apache source code to make it do what you want; it's a major change. Paul's method is just configuration tweaking; it's like editing httpd.conf to tweak the behavior. The SELinux booleans are made precisely for this purpose: to let everyone do slight changes to the way their system behaves. If you were annoyed before that you had to change the policy to achieve a goal, the booleans are the answer to your need - they're there to give you "ropes and buttons" that go and control the system in a non-intrusive way. -- Florin Andrei http://florin.myip.org/
