Variable naming confusion
Daniel J Walsh
dwalsh at redhat.com
Mon Sep 20 12:43:42 UTC 2004
Bob Gustafson wrote:
> To me, there is a lot of confusion in the naming and choice of values
> of the SELINUX booleans. (Maybe I just don't have my head around the
> concepts.. - but I don't think I am alone)
>
> For example:
>
> The variable 'SELINUX' in the file /etc/selinux/config has the value
> choices 'enforcing' or 'permissive'.
>
Case does not matter.
> The variable 'enforce' in the /boot/grub/grub.conf file has the value
> choices '=0' or '=1'
>
> The variable shown by the command 'getenforce' is either 'Permissive'
> or 'Enforcing' (note the initial capitalization)
>
> When using the runtime command 'setenforce', the argument is either
> '0' or '1'
>
> When using the script command 'selinuxenabled', the result is '0' if
> it IS enabled.
>
> Suggestions
>
> The variable 'SELINUX' is either 'enabled' or 'disabled'
>
> The variable 'enforcing' is either 'enabled' or 'disabled'
This is not a bad idea, since this is the way we have gone with the
system-config-securitylevel
Check it out.
>
> (This can be named 'enforce' rather than 'enforcing' - would help when
> trying to remember whether the runtime command is 'setenforce' or
> 'setenforcing')
>
> The variable 'SELINUXTYPE' is 'strict', 'targeted', 'myownpolicy',
> 'strangleddaemons', etc.
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> http://www.redhat.com/mailman/listinfo/fedora-selinux-list
More information about the fedora-selinux-list
mailing list