FC2 Startup Errors

Stephen Smalley sds at epoch.ncsc.mil
Tue Jun 22 18:05:26 UTC 2004


On Tue, 2004-06-22 at 13:29, edwarner99 at yahoo.com wrote:
> After I rebooted, I can run as a user with root
> privileges. In the logs, it states there is an unknown
> user -u.

It is likely that SELinux is running in permissive mode, i.e. logging
denials as warnings but not actually preventing access. 
/etc/sysconfig/selinux (or in rawhide, /etc/selinux/config) specifies
the initial state, and setenforce can be used to switch at runtime,
subject to access control once you are in enforcing mode.  You don't
want to switch to enforcing mode without labeling your filesystems via
'fixfiles relabel' and rebooting.

> I'm a little confused about selinux to begin with. I
> have read the documents. I run a small lan, so do you
> suggest I turn off selinux?

Did you read the Fedora SELinux FAQ? 
http://people.redhat.com/kwade/fedora-docs/selinux-faq-en/

I can't advise you either way.  The paper available from
http://www.nsa.gov/selinux/papers/inevit-abs.cfm talks about why
mandatory access controls in the operating system (which is what SELinux
provides) are critical to system security.  

-- 
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency




More information about the fedora-selinux-list mailing list