How to start using selinux?
Richard Hally
rhally at mindspring.com
Thu Mar 25 22:36:50 UTC 2004
-----Original Message-----
From: fedora-selinux-list-bounces at redhat.com
[mailto:fedora-selinux-list-bounces at redhat.com] On Behalf Of Gene
Czarcinski
Sent: Thursday, March 25, 2004 5:13 PM
To: fedora-selinux-list at redhat.com
Subject: Re: How to start using selinux?
On Thursday 25 March 2004 14:09, Richard Hally wrote:
> > Here are a couple of links to HOWTOs
> >
> >
https://sourceforge.net/docman/display_doc.php?docid=20372&group_id=21266
> >
> >
https://sourceforge.net/docman/display_doc.php?docid=21959&group_id=21266
Thanks. There are good but ..
What I am looking for is something a bit more "cook bookish". Since the
default (current snapshot of FC2 development) is to install with selinux set
to enforcing, I am expecting the system to come up (it does not) and then
some "cook book" instructions on setting things up so I can begin plying
with
things. Right now if I bootup with selinux set to enforcing, I cannot do
anything .. even login.
The recommended way to start off is in permissive mode. Kernel ...253.2.1
does not start in enforcing mode automatically by default.
I was hoping to see something with selinux running where I could then work
(play) with the system to understand selinux configuration and usage.
One thing you can do is duplicate the lines in grub for a particular kernel
and add ENFORCING to the title and enforcing=1 to the end of the kernel
line. That way you can start off in either mode.
The way to see which mode is to "cat /selinux/enforce" 0 is permissive. To
change to enforcing while running "echo 1 > /selinux/enforce".
Right now, booting up in single user mode is my most useful too since that
is
the only way I have found to get out of enforcing mode.
I am hoping I do not need a two week course to be able to understand how to
configure selinux. I do not know what FC2 Test2 will have in it but from
what I have seen so far, the default had better be permissive rather than
enforcing ... either that or slip the schedule a bit more.
Gene
--
fedora-selinux-list mailing list
fedora-selinux-list at redhat.com
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
More information about the fedora-selinux-list
mailing list