How best get rid of SELinux?
Arthur Pemberton
pemboa at gmail.com
Fri Sep 21 15:49:52 UTC 2007
On 9/21/07, Beartooth <Beartooth at swva.net> wrote:
> On Thu, 20 Sep 2007 23:49:41 -0400, David Boles wrote:
>
> [....]
> > This way is, IMO, the crude way to do this. Turn SELinux off, if you
> > chose to do so, in the SELinux configuration file.
> >
> > /etc/selinux/config
> >
> > change SELINUX=enforcing
> >
> > to SELINUX=disabled
>
> Here's an interesting discovery. On a machine where I haven't
> touched selinux since installing F7, I get this :
>
> [root at localhost btth]# cat /etc/selinux/config
> # This file controls the state of SELinux on the system.
> # SELINUX= can take one of these three values:
> # enforcing - SELinux security policy is enforced.
> # permissive - SELinux prints warnings instead of enforcing.
> # disabled - SELinux is fully disabled.
> SELINUX=permissive
> # SELINUXTYPE= type of policy in use. Possible values are:
> # targeted - Only targeted network daemons are protected.
> # strict - Full SELinux protection.
> SELINUXTYPE=targeted
>
> # SETLOCALDEFS= Check local definition changes
> SETLOCALDEFS=0
> [root at localhost btth]#
>
> Note that it says "targeted" -- typically, without giving me any
> faintest hint at what. The same file on the machine I disabled selinux
> from yesterday is the same except for "disabled" instead of "permissive."
>
> I *hope* targeted makes no difference so long as selinux is
> disabled. But that doesn't tell me what is targeted on the other
> machines, nor whether the default choices fit my kind of situation. (If
> they do, I'll take it on faith that they're well chosen.)
It is targeted at daemons for which rules have been explicitly
written, and are available for on the machine.
--
Fedora 7 : sipping some of that moonshine
( www.pembo13.com )
More information about the fedora-list
mailing list