[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: please try SELinux again

Le sam 18/09/2004 Ã 21:40, Colin Walters a Ãcrit :
> Hi,
> Talking with a number of people at the office, it seems a high
> percentage of Fedora developers disabled SELinux during FC2 test2,

I disabled SELinux.

>  which
> was our first attempt at SELinux.  Many other users and testers in the
> Fedora community likely did so as well.
> I think a lot of people are not aware that things have changed (and
> generally improved) dramatically since then.  

What about a better documentation ?
Release note of the last release tree (FC3t2) :
         o SELinux -- This includes a new "targeted" policy that monitors
            specifc daemons with less intrusion than the strict policy in use
            before. For more information, refer to:

Is it enough for a newcomer ?

From FC2 :

        Should you decide to enable SELinux, it is *strongly*
        recommended that you read the *Fedora Core SELinux FAQ*:

From http://people.redhat.com/kwade/fedora-docs/selinux-faq-en/ (FAQ!):

        For more information about how SELinux works, how to use SELinux
        for general and specific Linux distributions, and how to write
        policy, these resources are useful: 
        NSA SELinux main website â http://www.nsa.gov/selinux/
        NSA SELinux FAQ â http://www.nsa.gov/selinux/info/faq.cfm
        UnOfficial FAQ â http://www.crypt.gen.nz/selinux/faq.html
        Writing SE Linux policy HOWTO â
        Getting Started with SE Linux HOWTO: the new SE Linux (Debian) â
        On IRC â irc.freenode.net, #fedora-selinux 
        Fedora mailing list â fedora-selinux-list redhat com; read the
        archives or subscribe at

It's intimidating.

> Instead of the original "strict" policy which covered everything, a new
> "targeted" policy has been developed which only applies SELinux
> restrictions to a few select system daemons.  Regular user login
> sessions are unrestricted.
> This targeted policy will be enabled by default for FC3.  But those of
> you who are upgrading from existing systems, if you earlier added
> selinux=0 to your grub config, or disabled it in /etc/sysconfig/selinux,
> will not be testing the new policy.
> Please: undo those changes, and give it another try.  Be sure
> that /etc/sysconfig/selinux has these two lines:
> SELINUX=enforcing
> SELINUXTYPE=targeted
> Also be sure you don't have selinux=0 in your grub configuration.

Attachment: signature.asc
Description: Ceci est une partie de message =?ISO-8859-1?Q?num=E9riquement?= =?ISO-8859-1?Q?_sign=E9e=2E?=

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]