[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: How best get rid of SELinux?



On 9/21/07, Beartooth <Beartooth swva net> wrote:
> On Thu, 20 Sep 2007 23:49:41 -0400, David Boles wrote:
>
> [....]
> > This way is, IMO, the crude way to do this. Turn SELinux off, if you
> > chose to do so, in the SELinux configuration file.
> >
> > /etc/selinux/config
> >
> > change SELINUX=enforcing
> >
> > to SELINUX=disabled
>
>         Here's an interesting discovery. On a machine where I haven't
> touched selinux since installing F7, I get this :
>
> [root localhost btth]# cat /etc/selinux/config
> # This file controls the state of SELinux on the system.
> # SELINUX= can take one of these three values:
> #       enforcing - SELinux security policy is enforced.
> #       permissive - SELinux prints warnings instead of enforcing.
> #       disabled - SELinux is fully disabled.
> SELINUX=permissive
> # SELINUXTYPE= type of policy in use. Possible values are:
> #       targeted - Only targeted network daemons are protected.
> #       strict - Full SELinux protection.
> SELINUXTYPE=targeted
>
> # SETLOCALDEFS= Check local definition changes
> SETLOCALDEFS=0
> [root localhost btth]#
>
>         Note that it says "targeted"  -- typically, without giving me any
> faintest hint at what. The same file on the machine I disabled selinux
> from yesterday is the same except for "disabled" instead of "permissive."
>
>         I *hope* targeted makes no difference so long as selinux is
> disabled. But that doesn't tell me what is targeted on the other
> machines, nor whether the default choices fit my kind of situation. (If
> they do, I'll take it on faith that they're well chosen.)


It is targeted at daemons for which rules have been explicitly
written, and are available for on the machine.


-- 
Fedora 7 : sipping some of that moonshine
( www.pembo13.com )


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]