please try SELinux again
Matias Feliciano
feliciano.matias at free.fr
Sat Sep 18 20:48:35 UTC 2004
Le sam 18/09/2004 à 21:40, Colin Walters a écrit :
> Hi,
>
> Talking with a number of people at the office, it seems a high
> percentage of Fedora developers disabled SELinux during FC2 test2,
I disabled SELinux.
> which
> was our first attempt at SELinux. Many other users and testers in the
> Fedora community likely did so as well.
>
> I think a lot of people are not aware that things have changed (and
> generally improved) dramatically since then.
>
What about a better documentation ?
Release note of the last release tree (FC3t2) :
o SELinux -- This includes a new "targeted" policy that monitors
specifc daemons with less intrusion than the strict policy in use
before. For more information, refer to:
[2]https://listman.redhat.com/archives/fedora-selinux-list/2004-May/msg00096.html
Is it enough for a newcomer ?
From FC2 :
Should you decide to enable SELinux, it is *strongly*
recommended that you read the *Fedora Core SELinux FAQ*:
http://people.redhat.com/kwade/fedora-docs/selinux-faq-en/
From http://people.redhat.com/kwade/fedora-docs/selinux-faq-en/ (FAQ!):
For more information about how SELinux works, how to use SELinux
for general and specific Linux distributions, and how to write
policy, these resources are useful:
NSA SELinux main website — http://www.nsa.gov/selinux/
NSA SELinux FAQ — http://www.nsa.gov/selinux/info/faq.cfm
UnOfficial FAQ — http://www.crypt.gen.nz/selinux/faq.html
Writing SE Linux policy HOWTO —
https://sourceforge.net/docman/display_doc.php?docid=21959&group_id=21266
Getting Started with SE Linux HOWTO: the new SE Linux (Debian) —
https://sourceforge.net/docman/display_doc.php?docid=20372&group_id=21266
On IRC — irc.freenode.net, #fedora-selinux
Fedora mailing list — fedora-selinux-list at redhat.com; read the
archives or subscribe at
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
It's intimidating.
> Instead of the original "strict" policy which covered everything, a new
> "targeted" policy has been developed which only applies SELinux
> restrictions to a few select system daemons. Regular user login
> sessions are unrestricted.
>
> This targeted policy will be enabled by default for FC3. But those of
> you who are upgrading from existing systems, if you earlier added
> selinux=0 to your grub config, or disabled it in /etc/sysconfig/selinux,
> will not be testing the new policy.
>
> Please: undo those changes, and give it another try. Be sure
> that /etc/sysconfig/selinux has these two lines:
> SELINUX=enforcing
> SELINUXTYPE=targeted
>
> Also be sure you don't have selinux=0 in your grub configuration.
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Ceci est une partie de message num?riquement sign?e.
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20040918/1ea44595/attachment.sig>
More information about the fedora-devel-list
mailing list