please try SELinux again

Matias Feliciano feliciano.matias at free.fr
Sat Sep 18 20:48:35 UTC 2004


Le sam 18/09/2004 à 21:40, Colin Walters a écrit :
> Hi,
> 
> Talking with a number of people at the office, it seems a high
> percentage of Fedora developers disabled SELinux during FC2 test2,

I disabled SELinux.

>  which
> was our first attempt at SELinux.  Many other users and testers in the
> Fedora community likely did so as well.
>  
> I think a lot of people are not aware that things have changed (and
> generally improved) dramatically since then.  
> 

What about a better documentation ?
Release note of the last release tree (FC3t2) :
         o SELinux -- This includes a new "targeted" policy that monitors
            specifc daemons with less intrusion than the strict policy in use
            before. For more information, refer to:
		[2]https://listman.redhat.com/archives/fedora-selinux-list/2004-May/msg00096.html

Is it enough for a newcomer ?


From FC2 :

        Should you decide to enable SELinux, it is *strongly*
        recommended that you read the *Fedora Core SELinux FAQ*:
        
        http://people.redhat.com/kwade/fedora-docs/selinux-faq-en/


From http://people.redhat.com/kwade/fedora-docs/selinux-faq-en/ (FAQ!):

        For more information about how SELinux works, how to use SELinux
        for general and specific Linux distributions, and how to write
        policy, these resources are useful: 
        
        NSA SELinux main website — http://www.nsa.gov/selinux/
                
        NSA SELinux FAQ — http://www.nsa.gov/selinux/info/faq.cfm
                
        UnOfficial FAQ — http://www.crypt.gen.nz/selinux/faq.html
                
        Writing SE Linux policy HOWTO —
        https://sourceforge.net/docman/display_doc.php?docid=21959&group_id=21266
                
        Getting Started with SE Linux HOWTO: the new SE Linux (Debian) —
        https://sourceforge.net/docman/display_doc.php?docid=20372&group_id=21266
                
        On IRC — irc.freenode.net, #fedora-selinux 
                
        Fedora mailing list — fedora-selinux-list at redhat.com; read the
        archives or subscribe at
        http://www.redhat.com/mailman/listinfo/fedora-selinux-list


It's intimidating.


> Instead of the original "strict" policy which covered everything, a new
> "targeted" policy has been developed which only applies SELinux
> restrictions to a few select system daemons.  Regular user login
> sessions are unrestricted.
> 
> This targeted policy will be enabled by default for FC3.  But those of
> you who are upgrading from existing systems, if you earlier added
> selinux=0 to your grub config, or disabled it in /etc/sysconfig/selinux,
> will not be testing the new policy.
> 
> Please: undo those changes, and give it another try.  Be sure
> that /etc/sysconfig/selinux has these two lines:
> SELINUX=enforcing
> SELINUXTYPE=targeted
> 
> Also be sure you don't have selinux=0 in your grub configuration.
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Ceci est une partie de message num?riquement sign?e.
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20040918/1ea44595/attachment.sig>


More information about the fedora-devel-list mailing list