Re: please try SELinux again



On Sat 18/09/2004 at 21:40, Colin Walters wrote:
> Hi,
> 
> Talking with a number of people at the office, it seems a high
> percentage of Fedora developers disabled SELinux during FC2 test2,

I disabled SELinux.

>  which
> was our first attempt at SELinux.  Many other users and testers in the
> Fedora community likely did so as well.
>  
> I think a lot of people are not aware that things have changed (and
> generally improved) dramatically since then.  
> 

What about better documentation?
Release note of the last release tree (FC3t2):
         o SELinux -- This includes a new "targeted" policy that monitors
            specific daemons with less intrusion than the strict policy in use
            before. For more information, refer to:
            https://listman.redhat.com/archives/fedora-selinux-list/2004-May/msg00096.html

Is it enough for a newcomer?


From FC2 :

        Should you decide to enable SELinux, it is *strongly*
        recommended that you read the *Fedora Core SELinux FAQ*:
        
        http://people.redhat.com/kwade/fedora-docs/selinux-faq-en/


From http://people.redhat.com/kwade/fedora-docs/selinux-faq-en/ (FAQ!):

        For more information about how SELinux works, how to use SELinux
        for general and specific Linux distributions, and how to write
        policy, these resources are useful: 
        
        NSA SELinux main website - http://www.nsa.gov/selinux/

        NSA SELinux FAQ - http://www.nsa.gov/selinux/info/faq.cfm

        UnOfficial FAQ - http://www.crypt.gen.nz/selinux/faq.html

        Writing SE Linux policy HOWTO -
        https://sourceforge.net/docman/display_doc.php?docid=21959&group_id=21266

        Getting Started with SE Linux HOWTO: the new SE Linux (Debian) -
        https://sourceforge.net/docman/display_doc.php?docid=20372&group_id=21266

        On IRC - irc.freenode.net, #fedora-selinux

        Fedora mailing list - fedora-selinux-list redhat com; read the
        archives or subscribe at
        http://www.redhat.com/mailman/listinfo/fedora-selinux-list


It's intimidating.


> Instead of the original "strict" policy which covered everything, a new
> "targeted" policy has been developed which only applies SELinux
> restrictions to a few select system daemons.  Regular user login
> sessions are unrestricted.
> 
> This targeted policy will be enabled by default for FC3.  But those of
> you who are upgrading from existing systems, if you earlier added
> selinux=0 to your grub config, or disabled it in /etc/sysconfig/selinux,
> will not be testing the new policy.
> 
> Please: undo those changes, and give it another try.  Be sure
> that /etc/sysconfig/selinux has these two lines:
> SELINUX=enforcing
> SELINUXTYPE=targeted
> 
> Also be sure you don't have selinux=0 in your grub configuration.
> 

Attachment: signature.asc
Description: This is a digitally signed message part.
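
The check requested in the quoted message (SELINUX=enforcing, SELINUXTYPE=targeted, no selinux=0 in the grub configuration), as an added example that is not part of the original thread. The function names are hypothetical, both file paths are passed as arguments, and the grub check assumes a GRUB legacy file whose boot entries use `kernel` lines.

```shell
#!/bin/sh
# Added example: audit the settings named in the quoted message.
# Paths are arguments so the check can also be run against copies.

# Print the effective value of KEY from a sysconfig-style file.
# Commented lines are ignored; the last assignment wins; empty if absent.
selinux_cfg_value() {
    key=$1
    file=$2
    sed -n "s/^[[:space:]]*${key}=[[:space:]]*\([^[:space:]#]*\).*/\1/p" "$file" |
        tail -n 1
}

# Succeed if an uncommented kernel line carries the selinux=0 boot parameter.
# (Assumption: GRUB legacy syntax, one "kernel ..." line per boot entry.)
grub_disables_selinux() {
    grep -Eq '^[[:space:]]*kernel[[:space:]].*[[:space:]]selinux=0([[:space:]]|$)' "$1"
}

# Print one finding per problem; return 0 only if every check passes.
audit_selinux() {
    cfg=$1
    grub=$2
    rc=0
    mode=$(selinux_cfg_value SELINUX "$cfg")
    ptype=$(selinux_cfg_value SELINUXTYPE "$cfg")
    [ "$mode" = enforcing ] || { echo "SELINUX=${mode:-unset}, expected enforcing"; rc=1; }
    [ "$ptype" = targeted ] || { echo "SELINUXTYPE=${ptype:-unset}, expected targeted"; rc=1; }
    if grub_disables_selinux "$grub"; then
        echo "selinux=0 found on a kernel line in $grub"
        rc=1
    fi
    return $rc
}

# Stand-alone use: sh thisfile /etc/sysconfig/selinux <grub config path>
if [ "$#" -eq 2 ]; then
    audit_selinux "$1" "$2"
fi
```

A clean result only says the files ask for the targeted policy in enforcing mode; it does not show what the running kernel is currently enforcing.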
