Getting started with Fedora SE Linux
Stephen Smalley
sds at tycho.nsa.gov
Mon Aug 8 16:43:47 UTC 2005
On Mon, 2005-08-08 at 12:12 -0400, Craig Burrell wrote:
> Hello, all.
>
> I have recently installed Fedora Core 3 and begun exploring the SE
> Linux security model. I have a number of questions, but perhaps I'll
> begin with something simple.
>
> I have been reading Bill McCarty's book on SE Linux (O'Reilly), which
> is written for Fedora Core 2. He makes frequent reference to files
> (*.fc and *.te files, for instance) in the source directory
> (/etc/security/selinux/src/). In my installation, however, I don't
> have that directory, nor can I find elsewhere on my system any of the
> files to which he refers.
>
> Have I made an error in my installation, or is Fedora Core 3 that
> different from Core 2? Where in my installation are the security
> policy source files to be kept?
>
> Thanks for your help,
- You have to install the policy sources package
(selinux-policy-targeted-sources or selinux-policy-strict-sources)
explicitly; by default, only the binary policy is installed.
- Policy and the config file have moved under /etc/selinux, with
separate subtrees for each kind of policy,
e.g. /etc/selinux/targeted, /etc/selinux/strict.
The /etc/selinux/config file specifies the active policy via the
SELINUXTYPE definition.
- FC3 introduced the targeted policy and made it the default, enabling
SELinux to be enabled by default in FC3 and later. See the FC3 release
notes and the FC3 SELinux FAQ. Strict policy is still available, but
you have to explicitly install it and switch to it if you want to use
it, and it isn't as well supported (you essentially need to track
rawhide if you want updates to it).
- Note that FC4 was released in June, so you might want to consider
upgrading or re-installing to be more current.
--
Stephen Smalley
National Security Agency
More information about the fedora-selinux-list
mailing list