Language Selection

English French German Italian Portuguese Spanish

Selinux on FC5

Filed under
Linux

Selinux can be confusing, but it's ordinary and default configuration is actually pretty simple. We'll examine it on Fedora Core 5.

By default, FC5 installs Selinux in "targeted" mode. You can see this in /etc/selinux/config:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=enforcing
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted

# SETLOCALDEFS= Check local definition changes
SETLOCALDEFS=0

As the comments imply, only certain network daemons are affected by Selinux in this configuration.

Full Story.

In related links:

SELinux is a mandatory access control (MAC) system available in Linux kernels as of version 2.6. Of the Linux Security Modules available, it is the most comprehensive and well tested, and is founded on 20 years of MAC research. SELinux combines a type-enforcement server with either multi-level security or an optional multi-category policy, and a notion of role-based access control. See the Resources section later in this article for links to more information about these topics.

Most people who have used SELinux have done so by using an SELinux-ready distribution such as Fedora, Red Hat Enterprise Linux (RHEL), Debian, or hardened Gentoo. These enable SELinux in the kernel, offer a customizable security policy, and patch a great number of user-land libraries and utilities to make them SELinux aware.

If you're like many users who simply want the system to work as before, but a bit more securely, you can query and manipulate SELinux by using familiar applications and by writing security policies using a higher level language.

SELinux from scratch.

More in Tux Machines

today's leftovers

Leftovers: Software

  • Ocs-server 0.1 Technology Preview released! (with cats!)
    Finally, after many iterations, we have something that works! The ocs-server team (Claudio Desideri and Francesco Wofford) is therefore announcing the first release of ocs-server 0.1 technology preview.
  • 5 Less known Linux Admin Tools
  • dmMediaConverter Review - Converting Videos Has Never Been Easier
    dmMediaConverter is described by its developer as an FFmpeg frontend (GUI), but regular users only need to know that it's an application that allows them to quickly convert files from one format to another, in a simple and intuitive way. It's not the best looking out there, but it gets the job done.
  • Goggles Music Manager 1.0.7 Adds Support for Ratings and Tags to Filters, More
    On July 30, the developers of the Goggles Music Manager software, an open-source music collection manager and player that supports some of the most popular audio file formats, announced the release of version 1.0.7.
  • Semi-Official Google Drive Support For Linux Arrives, What's Next?
    Three years ago, when a user would attempt to download the Google Drive Sync Client, Google would bring them to the appropriate download page, which of course, is based off of the operating system that user is running on. If a user would attempt to download the Google Drive Sync Client while running on Linux, they’d land on a page where the message reads: “Not (yet) supported for Linux.” So, what’s the deal with Google not developing a sync client for Linux users, seeing as to how they build a lot of their things using Linux? There’s one simple answer to that, unfortunately. Windows is mainstream, so a lot of their focus is put on what a majority of people use. The bigger the market, the more money in their pockets, of course. But don’t fear, change is near!

today's howtos

Leftovers: Gaming