Selinux question
Mathew Pullar
the.deep.range at gmail.com
Wed Jul 13 21:23:30 UTC 2005
No i am not using the strict policy because the xserver will not start
after applying the policy and rebooting for relabelling. I am
currently enforcing the targetted policy.
On 7/13/05, Daniel J Walsh <dwalsh at redhat.com> wrote:
> Mathew Pullar wrote:
>
> >Hi,
> >I have just started to experiment with selinux and noticed the "User
> >Privs" section in system-config-securitylevel-gui and unticked allow
> >users to ping and allow users to read default system files. I then
> >created a new normal user account to test the changes i had made.
> >The new user was able to ping to and to read default system files such
> >as /etc/inittab.
> >I then thought perhaps relabelling was required so rebooted and
> >relabeled. This however still allowed normal users to ping.
> >My current selinux config is set to enabled and enforcing.
> >Any help would be greatly appreciated.
> >
> Are you running strict policy?
>
> default system files are files that are marked with file context
> default_t. You should not
> have many of them on the system.
> Dan
More information about the fedora-list
mailing list