selinux
Tom Mitchell
mitch48 at sbcglobal.net
Fri Mar 26 06:59:04 UTC 2004
On Thu, Mar 25, 2004 at 05:20:43PM -0500, Gene C. wrote:
> Since the fedora-selinux mailing list is not very busy (not clear how many
> subscribers there are), I am asking this question here to hopefully get more
> responses.
>
> Is anyone successfully running FC2 "current" development with selinux running
> in enforcing mode?
Yes.
> If you are running selinux in enforcing mode, what (if anything) did you need
> to change to get it to work? That is, once you complete the install, did you
> need to do anything?
There are a couple of things that are handy to know in development
cycle mode.
logger "Turning Enforcing OFF"
echo "0" > /selinux/enforce
and
logger "Turning Enforcing ON"
echo "1" > /selinux/enforce
Depending on the brokenness of things I tinkered with: yum, up2date, rpm
and make (in /etc/security/selinux/src/policy) can fail when enforcing
is on. Knowing how to turn off enforcing to deal with some adventure
in your setup or 'policy' is nice to know.
Read the Makefile in /etc/security/selinux/src/policy
Don't forget for SELinux you also need to install:
policycoreutils, policy-sources, checkpolicy, policy
Go back a week or two in the archives of this list. The transition
from XFree86 to xorg-x11 will catch ya. Good hints have been posted.
I did add but never used a backup set of lines in my /boot/grub/grub.config
just in case I got too crazy, they looks like...
title Fedora Core ENFORCING (2.6.3-2.1.253.2.1)
root (hd0,0)
kernel /vmlinuz-2.6.3-2.1.253.2.1 ro root=LABEL=/ enforcing=1
initrd /initrd-2.6.3-2.1.253.2.1.img
title Fedora Core (2.6.3-2.1.253.2.1)
root (hd0,0)
kernel /vmlinuz-2.6.3-2.1.253.2.1 ro root=LABEL=/ enforcing=0
initrd /initrd-2.6.3-2.1.253.2.1.img
Anyhow it has firmed up nicely in the last week for me.
--
T o m M i t c h e l l
/dev/null the ultimate in secure storage.
More information about the fedora-test-list
mailing list