
I recently started learning SELinux and I am new to it. I've run into an issue and I have a question. I use CentOS 6.5 and I am learning SELinux via video training. In the video training the SELinux target version is 18 and mine is 24. The trainer talks about a boolean named httpd_disable_trans in the directory /selinux/Boolean, but I cannot find this boolean on my Linux system. Is there any difference between those versions of SELinux, or should I add this boolean to the mentioned directory manually, or ...?

Cristian Ciupitu
Debian
  • I'm not sure that boolean exists anymore. What is the problem you are trying to solve? – Michael Hampton Jul 28 '14 at 16:53
  • I am trying to disable SELinux access to Apache in CentOS 6.5... In my video training there is a boolean "httpd_disable_trans" in RHEL4.0... But I haven't! – Debian Jul 28 '14 at 17:32
  • You shouldn't need to disable SELinux at all. Again, what is the _real_ problem? – Michael Hampton Jul 28 '14 at 17:41
  • Thanks Michael for the quick answer. I don't want to disable all SELinux. I just want to disable SELinux for "httpd" on CentOS. – Debian Jul 28 '14 at 18:20
  • Hello, the question is still why do you want to disable it for httpd. Especially on internet frontends, the targeted policy aims to provide a safer execution. If you face some issue, either you are misusing it - and should understand why - or there is a bug that should be addressed in Red Hat tracking tools... – tonioc Jul 28 '14 at 19:16
  • Friends, it's not a production server. It's just a test machine on which I am trying to learn SELinux. In order to do that I use Linuxcbt security edition. The trainer in this video used RHEL 4.0. In the "Targeted Policy" section he disables the "httpd_disable_trans" boolean in "/selinux/booleans/httpd_disable_trans" as a test. But when I try to find this file, there is no file with this name. My OS is CentOS 6.5. And yes, actually I just figure out why he has this boolean with RHEL4.0 but I don't have it with CentOS 6.5. In other words, where is the "httpd_disable_trans" boolean in CentOS 6.5? – Debian Jul 28 '14 at 19:35
  • I think you have missed the point. Why do you want to do something that isn't a good idea, and doesn't exist now anyway, simply because you found it in an outdated and apparently low-quality training video? Skip it and move on, and consider looking for better training. – Michael Hampton Jul 29 '14 at 00:16

1 Answer


The current way to stop SELinux enforcement for a single type is with semanage permissive.

For instance, the Apache web server runs under type httpd_t, so to make this type permissive:

semanage permissive -a httpd_t

To restore the defaults and enforce SELinux policy for httpd_t:

semanage permissive -d httpd_t
Michael Hampton
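As an added example that is not part of the original answer: a permissive domain still writes AVC denial records to the audit log, so they can be reviewed before enforcement is restored with `semanage permissive -d httpd_t`. The sketch below goes slightly beyond the answer by summarizing those records per domain; the function names and the audit lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the answer): review what httpd_t was denied
# while permissive, before enforcing again with `semanage permissive -d`.
LC_ALL=C; export LC_ALL

# Constructed sample audit records (hypothetical pids, inodes and ports).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1406570001.101:310): avc:  denied  { read } for  pid=2101 comm="httpd" name="index.html" dev=dm-0 ino=1311 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1406570001.101:310): arch=c000003e syscall=2 success=yes exit=3 comm="httpd"
type=AVC msg=audit(1406570002.204:311): avc:  denied  { read open } for  pid=2101 comm="httpd" name="app.php" dev=dm-0 ino=1312 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1406570003.310:312): avc:  denied  { name_connect } for  pid=2101 comm="httpd" dest=5432 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1406570004.412:313): avc:  denied  { read } for  pid=1877 comm="sshd" name="notes" dev=dm-0 ino=1400 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=file
EOF
}

# summarize_avc DOMAIN: read audit records on stdin and print
# "count permission class target_type" for denials whose source is DOMAIN.
summarize_avc() {
    awk -v dom="$1" '
    /type=AVC/ && /denied/ {
        perms = ""; stype = ""; ttype = ""; tclass = ""
        # Permissions sit between "{ " and " }" and may be several words.
        if (match($0, /[{] [^}]* [}]/))
            perms = substr($0, RSTART + 2, RLENGTH - 4)
        for (i = 1; i <= NF; i++) {
            # A context is user:role:type:level, so the type is part 3.
            if ($i ~ /^scontext=/) { split($i, c, ":"); stype = c[3] }
            else if ($i ~ /^tcontext=/) { split($i, c, ":"); ttype = c[3] }
            else if ($i ~ /^tclass=/) { tclass = substr($i, 8) }
        }
        if (stype != dom) next
        n = split(perms, p, " ")
        for (j = 1; j <= n; j++) count[p[j] " " tclass " " ttype]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -k2
}

# On a live system the input would come from the audit log instead, e.g.
#   ausearch -m avc -ts recent | summarize_avc httpd_t
sample_audit_log | summarize_avc httpd_t
```
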