Pretty unbelievable !!
Stephen Smalley
sds at epoch.ncsc.mil
Fri May 7 14:02:55 UTC 2004
On Thu, 2004-05-06 at 15:51, Bob Gustafson wrote:
> [root at hoho2 user1]# /usr/sbin/sestatus -v
> SELinux status: enabled
> SELinuxfs mount: /selinux
> Current mode: enforcing
> Policy version: 17
Ok, just wanted to verify enabled and enforcing status.
> Policy booleans:
> user_ping inactive
>
> Process contexts:
> Current context: root:sysadm_r:sysadm_t
> Init context: system_u:system_r:init_t
> /sbin/mingetty system_u:system_r:getty_t
> /usr/sbin/sshd system_u:system_r:sshd_t
>
> File contexts:
> Controlling term: root:object_r:sysadm_devpts_t
> /etc/passwd system_u:object_r:etc_t
> /etc/shadow system_u:object_r:shadow_t
> /bin/bash system_u:object_r:shell_exec_t
> /bin/login system_u:object_r:login_exec_t
> /bin/sh system_u:object_r:bin_t ->
> system_u:object_r:shell_exec_t
> /sbin/agetty system_u:object_r:getty_exec_t
> /sbin/init system_u:object_r:init_exec_t
> /sbin/mingetty system_u:object_r:getty_exec_t
> /usr/sbin/sshd system_u:object_r:sshd_exec_t
> /lib/libc.so.6 system_u:object_r:lib_t -> system_u:object_r:shlib_t
> /lib/ld-linux.so.2 system_u:object_r:lib_t -> system_u:object_r:ld_so_t
Looks fine.
> So, is it bullet-proof?
Of course not. But operating correctly.
> What doc would help to interpret the output of sestatus?
There is a brief man page, sestatus(8). The program was just contributed
recently by Chris PeBenito of the Hardened Gentoo project.
--
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
More information about the fedora-selinux-list
mailing list