[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: How best get rid of SELinux?



On Fri, Sep 21, 2007 at 15:35:51 +0000,
  Beartooth <Beartooth swva net> wrote:
> # SELINUXTYPE= type of policy in use. Possible values are:
> #       targeted - Only targeted network daemons are protected.
> #       strict - Full SELinux protection.
> SELINUXTYPE=targeted

> 	Note that it says "targeted"  -- typically, without giving me any 
> faintest hint at what. The same file on the machine I disabled selinux 
> from yesterday is the same except for "disabled" instead of "permissive."

You didn't happen to notice the comment lines preceding the definition?
Though it is a bit out of date as the targeted policy is covering some
non-deamons now. But most stuff run by users is going to run in the unconfined
domain. In F8 there will be a way to have some users run programs in a confined
domain by default.

> 	I *hope* targeted makes no difference so long as selinux is 
> disabled. But that doesn't tell me what is targeted on the other 
> machines, nor whether the default choices fit my kind of situation. (If 
> they do, I'll take it on faith that they're well chosen.)

It makes a difference in permissive in that newly created files get a context
based on the definitions from the policy being used. This doesn't happen
when SELinux is disabled, which is related to why this mode is discouraged.

Even in disabled mode it might have some effect if you were to run some of
the relabelling programs. I never tried that though and its possible they
wouldn't actually do any relabelling when SELinux is disabled.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]