User: Password:
|
|
Subscribe / Log in / New account

please try SELinux again

From:  Colin Walters <walters-AT-redhat.com>
To:  fedora-devel-list-AT-redhat.com
Subject:  please try SELinux again
Date:  Sat, 18 Sep 2004 15:40:33 -0400
Cc:  fedora-selinux-list-AT-redhat.com

Hi,

Talking with a number of people at the office, it seems a high
percentage of Fedora developers disabled SELinux during FC2 test2, which
was our first attempt at SELinux.  Many other users and testers in the
Fedora community likely did so as well.
 
I think a lot of people are not aware that things have changed (and
generally improved) dramatically since then.  

Instead of the original "strict" policy which covered everything, a new
"targeted" policy has been developed which only applies SELinux
restrictions to a few select system daemons.  Regular user login
sessions are unrestricted.

This targeted policy will be enabled by default for FC3.  But those of
you who are upgrading from existing systems, if you earlier added
selinux=0 to your grub config, or disabled it in /etc/sysconfig/selinux,
will not be testing the new policy.

Please: undo those changes, and give it another try.  Be sure
that /etc/sysconfig/selinux has these two lines:
SELINUX=enforcing
SELINUXTYPE=targeted

Also be sure you don't have selinux=0 in your grub configuration.



-- 
fedora-devel-list mailing list
fedora-devel-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-devel-list


(Log in to post comments)


Copyright © 2004, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds