[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Variable naming confusion



Bob Gustafson wrote:

To me, there is a lot of confusion in the naming and choice of values of the SELINUX booleans. (Maybe I just don't have my head around the concepts.. - but I don't think I am alone)

For example:

The variable 'SELINUX' in the file /etc/selinux/config has the value choices 'enforcing' or 'permissive'.

Case does not matter.

The variable 'enforce' in the /boot/grub/grub.conf file has the value choices '=0' or '=1'

The variable shown by the command 'getenforce' is either 'Permissive' or 'Enforcing' (note the initial capitalization)

When using the runtime command 'setenforce', the argument is either '0' or '1'

When using the script command 'selinuxenabled', the result is '0' if it IS enabled.

Suggestions

The variable 'SELINUX' is either 'enabled' or 'disabled'

The variable 'enforcing' is either 'enabled' or 'disabled'

This is not a bad idea, since this is the way we have gone with the system-config-securitylevel
Check it out.



(This can be named 'enforce' rather than 'enforcing' - would help when trying to remember whether the runtime command is 'setenforce' or 'setenforcing')


The variable 'SELINUXTYPE' is 'strict', 'targeted', 'myownpolicy', 'strangleddaemons', etc.

--
fedora-selinux-list mailing list
fedora-selinux-list redhat com
http://www.redhat.com/mailman/listinfo/fedora-selinux-list



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]