disable setenforce

Stephen Smalley sds at tycho.nsa.gov
Fri Sep 9 16:53:44 UTC 2005

On Fri, 2005-09-09 at 09:33 -0700, Todd Merritt wrote:
> I can't find where I read this now, could somebody please tell me what I
> need to add/remove from the strict policy to disallow running of the
> setenforce command (but still allow changing enforcement mode via
> rebooting) ?

BTW, if you are going to do that, I assume you also want to remove the
ability to reload policy after the initial load?  Although that has
implications for policy updates...

Stephen Smalley
National Security Agency

More information about the fedora-selinux-list mailing list