How to make SELinux in Fedora work?
Stephen Smalley
sds at epoch.ncsc.mil
Thu May 27 12:16:03 UTC 2004
On Thu, 2004-05-27 at 02:44, park lee wrote:
> I've downloaded Fedora Core 2 from http://fedora.redhat.com/download/,
> and have installed it successfully.
As noted in the release notes for FC2
(http://fedora.redhat.com/docs/release-notes/), you have to pass
"selinux" to the installer to enable SELinux at install time.
> Then , I want to ask how to run SELinux which is integrated into
> Fedora Core? Is there some resources about what to do and how to do ?
If you didn't enable SELinux at install time, then you'll need to
install a policy (yum install policy policy-sources), create or edit
/etc/sysconfig/selinux and set SELINUX=permissive in it, and relabel
your filesystems (via fixfiles relabel). Once you get your filesystems
labeled and have verified that you can boot without avc denials in your
logs, you can set SELINUX=enforcing in /etc/sysconfig/selinux.
> And Is there any differences between it and the SELinux from
> http://www.nsa.gov/selinux/code/download5.cfm. As i know ,when we want
> to run the SELinux from
> ttp://www.nsa.gov/selinux/code/download5.cfm.we should first recompile
> the kernel with certain options, then install some applications (such
> as checkpolicy, libselinux) from the SELinux Full Userland Archive to
> the system. Then , if we want to run the SELinux that is integrated
> into Fedora Core, should we do the same steps?
Fedora Core 2 already includes the SELinux code in the kernel and
applications, so you don't have to recompile anything. You just need to
enable the SELinux support that is already there.
--
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
More information about the fedora-selinux-list
mailing list