Bug 468569 - default "httpd_tty_comm" value inconsistent with httpd_selinux man page
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: rawhide
Hardware: All Linux
Priority: medium
Severity: medium
Assigned To: Daniel Walsh
QA Contact: Ben Levenson
Reported: 2008-10-26 00:29 EDT by Murray McAllister
Modified: 2015-01-04 17:35 EST
Doc Type: Bug Fix
Last Closed: 2008-10-27 10:43:15 EDT

Description Murray McAllister 2008-10-26 00:29:41 EDT
Description of problem:
The httpd_selinux(8) man page states that the "httpd_tty_comm" Boolean is off by default:

"httpd by default is not allowed access to the controling terminal."

And then gives instructions for turning it on:

"setsebool -P httpd_tty_comm 1"

This Boolean is on by default (unless changing another Boolean turns it on?).

Version-Release number of selected component (if applicable):
httpd-2.2.10-2.i386

policycoreutils-2.0.57-5.fc10.i386
selinux-policy-3.5.13-7.fc10.noarch
selinux-policy-targeted-3.5.13-7.fc10.noarch
libselinux-utils-2.0.73-1.fc10.i386
libselinux-python-2.0.73-1.fc10.i386
libselinux-2.0.73-1.fc10.i386

Steps to Reproduce:
1. "man 8 httpd_selinux". See that it says it is turned off by default.
2. "getsebool httpd_tty_comm"
  
Actual results:
$ getsebool httpd_tty_comm
httpd_tty_comm --> on

Expected results:
$ getsebool httpd_tty_comm
httpd_tty_comm --> off

Additional info:
httpd_tty_comm was also set to on in the Fedora 9 and Red Hat Enterprise Linux 5.2 machines I checked.
Comment 1 Daniel Walsh 2008-10-27 10:43:15 EDT
I changed some of the wording on the default. I guess we really should just remove all "default" since we do not know what policy is installed and the default can change over time.

Fixed selinux-policy-3.5.13-9.fc10
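
An added example, not part of the bug report or of selinux-policy: a shell function that compares `getsebool` output against an explicitly stated baseline, so a host is checked against the values you intend rather than against a "default" quoted in documentation. The `name=state` baseline format, the function names and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Audit SELinux boolean states (in `getsebool` output format) against an
# expected baseline. The baseline format "name=state ..." is hypothetical.

# audit_booleans BASELINE < getsebool-output
#   Prints one line per deviation; exit status 1 if any boolean deviates
#   from the baseline or is not reported at all, 0 otherwise.
audit_booleans() {
    awk -v baseline="$1" '
        BEGIN {
            # Split the baseline on whitespace, then each pair on "=".
            n = split(baseline, pairs, " ")
            for (i = 1; i <= n; i++)
                if (split(pairs[i], kv, "=") == 2) want[kv[1]] = kv[2]
        }
        # getsebool prints lines such as: httpd_tty_comm --> on
        $2 == "-->" && ($1 in want) {
            seen[$1] = 1
            if ($3 != want[$1]) {
                printf "MISMATCH %s: expected %s, found %s\n", $1, want[$1], $3
                bad = 1
            }
        }
        END {
            # A boolean absent from the loaded policy is also a finding.
            for (name in want) if (!(name in seen)) {
                printf "MISSING %s: not reported by policy\n", name
                bad = 1
            }
            exit bad + 0
        }
    '
}

# Constructed sample in `getsebool -a` format (not captured from a real host);
# the httpd_tty_comm line mirrors the "Actual results" in the report.
sample_output() {
    cat <<'EOF'
httpd_enable_cgi --> on
httpd_tty_comm --> on
httpd_unified --> on
EOF
}

# Demo on the sample; on a real host use: getsebool -a | audit_booleans "..."
sample_output | audit_booleans "httpd_tty_comm=off httpd_enable_cgi=on" || true
```
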
