selinux

[Tom Mitchell]

On Thu, Mar 25, 2004 at 05:20:43PM -0500, Gene C. wrote:

> Since the fedora-selinux mailing list is not very busy (not clear how many 
> subscribers there are), I am asking this question here to hopefully get more 
> responses.
> 
> Is anyone successfully running FC2 "current" development with selinux running 
> in enforcing mode?

Yes.

> If you are running selinux in enforcing mode, what (if anything) did you need 
> to change to get it to work?  That is, once you complete the install, did you 
> need to do anything?

There are a couple of things that are handy to know in development
cycle mode.

      logger "Turning Enforcing OFF"
      echo "0" > /selinux/enforce
 and
      logger "Turning Enforcing ON"
      echo "1" > /selinux/enforce

Depending on the brokenness of things I tinkered with: yum, up2date, rpm
and make (in /etc/security/selinux/src/policy) can fail when enforcing
is on.  Knowing how to turn off enforcing to deal with some adventure
in your setup or 'policy' is nice to know.

Read the Makefile in /etc/security/selinux/src/policy

Don't forget for SELinux you also need to install:
      policycoreutils, policy-sources, checkpolicy, policy

Go back a week or two in the archives of this list.  The transition
from XFree86 to xorg-x11 will catch ya.  Good hints have been posted.

I did add but never used a backup set of lines in my /boot/grub/grub.config
just in case I got too crazy, they looks like...

  title Fedora Core ENFORCING (2.6.3-2.1.253.2.1)
        root (hd0,0)
        kernel /vmlinuz-2.6.3-2.1.253.2.1 ro root=LABEL=/ enforcing=1
        initrd /initrd-2.6.3-2.1.253.2.1.img
  title Fedora Core (2.6.3-2.1.253.2.1)
        root (hd0,0)
        kernel /vmlinuz-2.6.3-2.1.253.2.1 ro root=LABEL=/ enforcing=0
        initrd /initrd-2.6.3-2.1.253.2.1.img

Anyhow it has firmed up nicely in the last week for me.

-- 
	T o m  M i t c h e l l 
	/dev/null the ultimate in secure storage.