Install/activate selinux on FC3 after upgrade
Richard England
rengland at europa.com
Fri Jul 1 06:19:20 UTC 2005
Alexander Dalloz wrote:
>Am Do, den 30.06.2005 schrieb rengland at europa.com um 0:04:
>
>
>
>>As I understand it, since I upgraded from FC2 to FC3 (as opposed to doing
>>a fresh install), the selinux features were not installed/activated (?).
>>
>>
>
>Correct. If SELinux was disabled on FC2 (which was default and should
>have been this way as on FC2 SELinux wasn't usable - mentioned in the
>SELinux FAQ) and will not be activated during an upgrade.
>
>
>
>>Is there a source for information or even a HowTo available that will
>>explain, step by step, what has to be done to bring the selinux features
>>up on FC3 after and upgrade? Are there RPMs that have to be added? I
>>know that selinux.conf needs to be defined but not what it needs to
>>contain.
>>
>>
>
>I don't know of such a detailed howto to explain the steps in detail.
>
>$ rpm -qa | grep selinux
>
>Run this to see that you have the policies (targeted and strict) and the
>libselinux rpm installed.
>I think you mean /etc/selinux/config and not selinux.conf. The file
>exists and has presettings. How you adjust it depends on your wishes.
>Following site is the SELinux FAQ for FC3:
>
>http://fedora.redhat.com/docs/selinux-faq-fc3/
>
>The first step should be
>
>touch /.autorelabel
>reboot
>
>to have a fully labeled filesytem as a solid base for SELinux
>operations.
>It may be a good decision to start with permissive mode. This way you
>have SELinux being active but it does not stop things from working, but
>you get audit / avc messages by the syslog in /var/log/messages. Later,
>after fixing serious issues (if there are some) you can set it to
>enforcing.
>
>
>
>>--Richard
>>
>>
>
>Alexander
>
>
>
>
Thank you, Alexander. I'll give this a try.
------------------------------------------------------------------------
/--R/
More information about the fedora-list
mailing list