[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

please try SELinux again



Hi,

Talking with a number of people at the office, it seems a high
percentage of Fedora developers disabled SELinux during FC2 test2, which
was our first attempt at SELinux.  Many other users and testers in the
Fedora community likely did so as well.
 
I think a lot of people are not aware that things have changed (and
generally improved) dramatically since then.  

Instead of the original "strict" policy which covered everything, a new
"targeted" policy has been developed which only applies SELinux
restrictions to a few select system daemons.  Regular user login
sessions are unrestricted.

This targeted policy will be enabled by default for FC3.  But those of
you who are upgrading from existing systems, if you earlier added
selinux=0 to your grub config, or disabled it in /etc/sysconfig/selinux,
will not be testing the new policy.

Please: undo those changes, and give it another try.  Be sure
that /etc/sysconfig/selinux has these two lines:
SELINUX=enforcing
SELINUXTYPE=targeted

Also be sure you don't have selinux=0 in your grub configuration.


Attachment: signature.asc
Description: This is a digitally signed message part


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]