disable setenforce
Todd Merritt
tmerritt at email.arizona.edu
Fri Sep 9 17:18:35 UTC 2005
On Fri, 2005-09-09 at 12:53 -0400, Stephen Smalley wrote:
> On Fri, 2005-09-09 at 09:33 -0700, Todd Merritt wrote:
> > I can't find where I read this now, could somebody please tell me what I
> > need to add/remove from the strict policy to disallow running of the
> > setenforce command (but still allow changing enforcement mode via
> > rebooting) ?
>
> BTW, if you are going to do that, I assume you also want to remove the
> ability to reload policy after the initial load? Although that has
> implications for policy updates...
>
I hadn't thought of that. There's no point closing the window and
leaving the door open, but that may be more hoops that I care to jump
through for this application.
More information about the fedora-selinux-list
mailing list