Bug 468569

Summary: default "httpd_tty_comm" value inconsistent with httpd_selinux man page
Product: [Fedora] Fedora
Reporter: Murray McAllister <mmcallis>
Component: selinux-policy-targeted
Assignee: Daniel Walsh <dwalsh>
Status: CLOSED RAWHIDE
QA Contact: Ben Levenson <benl>
Severity: medium
Priority: medium
Version: rawhide
CC: vdanen
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2008-10-27 14:43:15 UTC

Description Murray McAllister 2008-10-26 04:29:41 UTC
Description of problem:
The httpd_selinux(8) man page states that the "httpd_tty_comm" Boolean is off by default:

"httpd by default is not allowed access to the controling terminal."

And then gives instructions for turning it on:

"setsebool -P httpd_tty_comm 1"

This Boolean is on by default (unless changing another Boolean turns it on?).

Version-Release number of selected component (if applicable):
httpd-2.2.10-2.i386

policycoreutils-2.0.57-5.fc10.i386
selinux-policy-3.5.13-7.fc10.noarch
selinux-policy-targeted-3.5.13-7.fc10.noarch
libselinux-utils-2.0.73-1.fc10.i386
libselinux-python-2.0.73-1.fc10.i386
libselinux-2.0.73-1.fc10.i386

Steps to Reproduce:
1. "man 8 httpd_selinux". See that it says it is turned off by default.
2. "getsebool httpd_tty_comm"
  
Actual results:
$ getsebool httpd_tty_comm
httpd_tty_comm --> on

Expected results:
$ getsebool httpd_tty_comm
httpd_tty_comm --> off

Additional info:
httpd_tty_comm was also set to on in the Fedora 9 and Red Hat Enterprise Linux 5.2 machines I checked.

Comment 1 Daniel Walsh 2008-10-27 14:43:15 UTC
I changed some of the wording on the default. I guess we really should just remove all "default" since we do not know what policy is installed and the default can change over time.

Fixed selinux-policy-3.5.13-9.fc10
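
Because the shipped value can differ from the documented one and can change between policy versions, as the report and Comment 1 describe, the live state is best checked against a site baseline instead of the man page. The following is an added example, not part of the bug report or the selinux-policy project: the `sebool_drift` function, the baseline file format and the sample values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): report SELinux booleans whose live
# state differs from a site baseline.
# Assumed baseline format: one "<boolean> <on|off>" per line, '#' for comments.
# State input is getsebool output: "<boolean> --> <on|off>".

# Constructed baseline: the state the man page wording implied.
SAMPLE_BASELINE='# boolean expected
httpd_tty_comm off'

# Constructed state, same as the "Actual results" in the report.
SAMPLE_STATE='httpd_tty_comm --> on'

# sebool_drift BASELINE_TEXT STATE_TEXT
# Prints sorted findings; returns 0 when every baseline entry matches, else 1.
sebool_drift() {
    findings=$(printf '%s\n' "$2" | BASELINE="$1" awk '
        BEGIN {
            n = split(ENVIRON["BASELINE"], rows, "\n")
            for (i = 1; i <= n; i++) {
                if (rows[i] ~ /^[ \t]*(#|$)/) continue   # comment or blank
                split(rows[i], f, " ")
                want[f[1]] = f[2]
            }
        }
        $2 == "-->" { have[$1] = $3 }                    # name --> on|off
        END {
            for (b in want) {
                if (!(b in have))
                    printf "MISSING %s expected=%s\n", b, want[b]
                else if (have[b] != want[b])
                    printf "DRIFT %s expected=%s actual=%s\n", b, want[b], have[b]
            }
        }')
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings" | sort
    return 1
}

# On an SELinux host (baseline path is a placeholder):
#   sebool_drift "$(cat /path/to/baseline)" "$(getsebool -a)"
```

Run after each selinux-policy update, a non-zero return flags any Boolean whose shipped state no longer matches what the site expects.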