please try SELinux again

Colin Walters walters at redhat.com
Sat Sep 18 19:40:33 UTC 2004


Hi,

Talking with a number of people at the office, it seems a high
percentage of Fedora developers disabled SELinux during FC2 test2, which
was our first attempt at SELinux.  Many other users and testers in the
Fedora community likely did so as well.
 
I think a lot of people are not aware that things have changed (and
generally improved) dramatically since then.  

Instead of the original "strict" policy which covered everything, a new
"targeted" policy has been developed which only applies SELinux
restrictions to a few select system daemons.  Regular user login
sessions are unrestricted.

This targeted policy will be enabled by default for FC3.  But those of
you who are upgrading from existing systems, if you earlier added
selinux=0 to your grub config, or disabled it in /etc/sysconfig/selinux,
will not be testing the new policy.

Please: undo those changes, and give it another try.  Be sure
that /etc/sysconfig/selinux has these two lines:
SELINUX=enforcing
SELINUXTYPE=targeted

Also be sure you don't have selinux=0 in your grub configuration.
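
The check described above, as an added example that is not part of the original message: a POSIX shell audit of the two config lines and of `selinux=0` in the grub configuration. The function names, the file paths passed as arguments, and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the settings the message asks testers to restore.
# Usage: sh check.sh /etc/sysconfig/selinux <path-to-grub-config>
# (the grub config path is not given in the message; pass your own).

# Print the effective value of KEY from a KEY=value file, skipping
# commented lines; the last assignment wins.
selinux_conf_value() {   # selinux_conf_value KEY FILE
    sed -n "s/^[[:space:]]*$1=[[:space:]]*\([^[:space:]#]*\).*/\1/p" "$2" | tail -n 1
}

# Succeed if any non-comment line of the grub config carries selinux=0.
grub_disables_selinux() {   # grub_disables_selinux FILE
    grep -v '^[[:space:]]*#' "$1" |
        grep -Eq '(^|[[:space:]])selinux=0([[:space:]]|$)'
}

# Return 0 only when both files match what the message asks for.
check_selinux_setup() {   # check_selinux_setup SELINUX_CONF GRUB_CONF
    status=0
    mode=$(selinux_conf_value SELINUX "$1")
    ptype=$(selinux_conf_value SELINUXTYPE "$1")
    [ "$mode" = "enforcing" ] ||
        { echo "SELINUX=${mode:-unset}, expected enforcing"; status=1; }
    [ "$ptype" = "targeted" ] ||
        { echo "SELINUXTYPE=${ptype:-unset}, expected targeted"; status=1; }
    if grub_disables_selinux "$2"; then
        echo "selinux=0 found in $2"; status=1
    fi
    return $status
}

# Constructed sample: an upgraded system that still has SELinux disabled.
demo_stale_config() {
    tmp=$(mktemp -d) || return 2
    printf 'SELINUX=disabled\nSELINUXTYPE=targeted\n' > "$tmp/selinux"
    printf 'title Fedora\n\tkernel /vmlinuz ro root=LABEL=/ selinux=0\n' \
        > "$tmp/grub.conf"
    if check_selinux_setup "$tmp/selinux" "$tmp/grub.conf"; then r=0; else r=1; fi
    rm -rf "$tmp"
    return $r
}

if [ "$#" -eq 2 ]; then check_selinux_setup "$1" "$2"; fi
```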

