[rhelv6-list] selinux (not quite) disabled?
Jan-Frode Myklebust
janfrode at tanso.net
Sat Dec 4 11:28:56 UTC 2010
On Fri, Dec 03, 2010 at 12:07:43PM -0800, solarflow99 wrote:
> On Fri, Dec 3, 2010 at 8:06 AM, <Greg_Swift at aotx.uscourts.gov> wrote:
> > Obviously a server is likely to have more than just an out of the box
> > configuration.
> >
> > But anyways... if i remember correctly, wasn't one of the changes in the
> > RHEL6 SELinux the ability to section off where SELinux is enforcing versus
> > not, so that it isn't an all or nothing thing?
>
> ya, I think it is unconfined_t. Fedora has had it for a long time
> now. I sure wouldn't want to turn selinux off on a production server.
>
No, I believe the change is that you now can put domains in permissive
mode. So it's no longer an all (SELINUX=enforcing) or nothing
(SELINUX=permissive) setting any more, but now you can put f.ex. the
webserver into permissive mode, without opening up everything.
http://lwn.net/Articles/303216/
-jf
More information about the rhelv6-list
mailing list