[CentOS] Learning SELINUX management, help?

Fri Apr 20 19:21:41 UTC 2007
Steve Friedman <steve at adsi-m4.com>

On Fri, 20 Apr 2007, Dianne Yumul wrote:

>> I checked in /usr/share/docs/selinux-policy-2.4.6/html
>> and find no references (using grub) for "cupsd_disable_trans"
>> 
>> How do I find out what this boolean object is or does?
>> Is there a description of it somewhere?
>
> I think setting <anything>_disable_trans to on/true/1 means your disabling 
> selinux for that daemon. Somebody please correct me if I'm wrong on this.

Correct.  Although there are some side effects.  E.g., if 
syslogd_disable_trans=true, then /dev/log is created as device_t and not 
dev_log_t as the syslogd daemon did not transition correctly (and that 
causes all sorts of downstream problems with daemons allowed to access 
dev_log_t, but not device_t).

Steve Friedman