do I need SELinux?
Daniel J Walsh
dwalsh at redhat.com
Sat Nov 13 12:40:08 UTC 2004
john bray wrote:
>On Fri, 2004-11-12 at 10:01 -0500, Daniel J Walsh plumb said:
>
>
>>Steven Stern wrote:
>>
>>
>>
>>>On Fri, 12 Nov 2004 09:37:21 -0500, Daniel J Walsh <dwalsh at redhat.com> wrote:
>>>
>>>
>>>
>>>
>>>
>>>>So I would hope that people will work with it and not just turn it off
>>>>as soon as they have a problem
>>>>with the system.
>>>>
>>>>
>>>>
>>>>
>>>I haven't had any problems and assume it's working fine on my system. But how
>>>do I know? Will something show up in logwatch if there's something to worry
>>>about? What syslog message prefix indicates a SELINUX targeted policy
>>>message?
>>>
>>>(Yes, this is probably in the FAQ, so if you can point me to the right one,
>>>I'll go off quiely and read it.)
>>>
>>>
>>>
>>>
>>You might see some change in behavior of applications and usually AVC
>>messages in /var/log/messages.
>>
>>For the most part you probably will see nothing.
>>
>>sestatus shows you whether it is running or not.
>>
>>
>>
>>
>>
>
>ok. i got interested in checking this out. so:
>
>[root at junior ntp]# grep AVC /var/log/message*
>[root at junior ntp]# sestatus
>SELinux status: disabled
>[root at junior ntp]#
>
>
>i thought that FC3 was defaulting to targeted? this is an upgrade from
>FC2 system, BTW.
>
>what do i have to do now, to get it turned on?
>
>john
>
>
>
Not sure this is in the FAQ or not.
SELinux does not get turned on by default on Upgrade only Fresh Install.
To turn on SELinux you need to
install selinux-policy-targeted
touch /.autorelabel
reboot
More information about the fedora-list
mailing list