Basically the way it works is that there are policies that can override standard UNIX type permissions so that you can lock down the entire OS from runaway processes, hackers, and whatever bad code is out there. It used to be that bad code was allowed to run like a madman through your UNIX machine, turning /tmp to world readable/writable and there was nothing you could do about it. There are 3 modes whereby you can either make it block a lot of stuff, only log what it would've blocked (but yet allow it through), or disable it completely. Also there is strict vs. targeted policy. Targeted is gonna be your drug of choice more than likely. Strict would be for say a high volume web server that only runs apache and you are going to turn every_single_other_thing_off. I would stay away from strict until you get the basics down. I just compiled a bunch of links at <a href="http://forensiclug.com">forensiclug.com</a> if you want more info. Good luck Marc <div>On 8/22/05, BRUCE STANLEY <<a href="mailto:bruce.stanley@prodigy.net">bruce.stanley@prodigy.net</a>> wrote:<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"> --- Chris Wright <<a href="mailto:linux-list@cwic-solutions.co.uk">linux-list@cwic-solutions.co.uk</a>> wrote: > > > > -----Original Message----- > > From: <a href="mailto:fedora-list-bounces@redhat.com"> fedora-list-bounces@redhat.com</a> > > [mailto:<a href="mailto:fedora-list-bounces@redhat.com">fedora-list-bounces@redhat.com</a>] On Behalf Of yote l > > Sent: Monday, August 22, 2005 10:33 AM > > To: <a href="mailto:fedora-list@redhat.com">fedora-list@redhat.com</a> > > Subject: SELinux > > > > How does it work ? > > > > 42 > > -- ....Dave...My mind is going....daisy...daisy.... -- fedora-list mailing list <a href="mailto:fedora-list@redhat.com">fedora-list@redhat.com</a> To unsubscribe: <a href="http://www.redhat.com/mailman/listinfo/fedora-list">http://www.redhat.com/mailman/listinfo/fedora-list </a> </blockquote></div>