mitch48 at sbcglobal.net
Fri Mar 26 06:59:04 UTC 2004
On Thu, Mar 25, 2004 at 05:20:43PM -0500, Gene C. wrote:
> Since the fedora-selinux mailing list is not very busy (not clear how many
> subscribers there are), I am asking this question here to hopefully get more
> Is anyone successfully running FC2 "current" development with selinux running
> in enforcing mode?
> If you are running selinux in enforcing mode, what (if anything) did you need
> to change to get it to work? That is, once you complete the install, did you
> need to do anything?
There are a couple of things that are handy to know in development
logger "Turning Enforcing OFF"
echo "0" > /selinux/enforce
logger "Turning Enforcing ON"
echo "1" > /selinux/enforce
Depending on the brokenness of things I tinkered with: yum, up2date, rpm
and make (in /etc/security/selinux/src/policy) can fail when enforcing
is on. Knowing how to turn off enforcing to deal with some adventure
in your setup or 'policy' is nice to know.
Read the Makefile in /etc/security/selinux/src/policy
Don't forget for SELinux you also need to install:
policycoreutils, policy-sources, checkpolicy, policy
Go back a week or two in the archives of this list. The transition
from XFree86 to xorg-x11 will catch ya. Good hints have been posted.
I did add but never used a backup set of lines in my /boot/grub/grub.config
just in case I got too crazy, they looks like...
title Fedora Core ENFORCING (2.6.3-126.96.36.199.1)
kernel /vmlinuz-2.6.3-188.8.131.52.1 ro root=LABEL=/ enforcing=1
title Fedora Core (2.6.3-184.108.40.206.1)
kernel /vmlinuz-2.6.3-220.127.116.11.1 ro root=LABEL=/ enforcing=0
Anyhow it has firmed up nicely in the last week for me.
T o m M i t c h e l l
/dev/null the ultimate in secure storage.
More information about the fedora-test-list