disable setenforce
Stephen Smalley
sds at tycho.nsa.gov
Fri Sep 9 16:53:44 UTC 2005
On Fri, 2005-09-09 at 09:33 -0700, Todd Merritt wrote:
> I can't find where I read this now, could somebody please tell me what I
> need to add/remove from the strict policy to disallow running of the
> setenforce command (but still allow changing enforcement mode via
> rebooting) ?
BTW, if you are going to do that, I assume you also want to remove the
ability to reload policy after the initial load? Although that has
implications for policy updates...
--
Stephen Smalley
National Security Agency
More information about the fedora-selinux-list
mailing list