SELinux on FC5


SELinux can be confusing, but its ordinary, default configuration is actually pretty simple. We'll examine it on Fedora Core 5.

By default, FC5 installs SELinux in "targeted" mode. You can see this in /etc/selinux/config:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=enforcing
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted

# SETLOCALDEFS= Check local definition changes
SETLOCALDEFS=0

As the comments imply, only certain network daemons are affected by SELinux in this configuration.
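
An added example, not part of the original article: a POSIX shell function that reads a file in the format shown above and reports the configured mode and policy type, with an exit status a monitoring script can act on. The function and helper names, the exit-code mapping, and the whitespace trimming and case folding are assumptions of this example; the sample file is constructed.

```shell
#!/bin/sh
# Added example (not from the original article): audit a file in the
# /etc/selinux/config format shown above.

# write_sample_config FILE MODE: hypothetical helper that writes a constructed
# sample config, with the policy type fixed to "targeted" as on FC5.
write_sample_config() {
    printf '%s\n' \
        '# This file controls the state of SELinux on the system.' \
        "SELINUX=$2" \
        '# SELINUXTYPE= type of policy in use.' \
        'SELINUXTYPE=targeted' \
        'SETLOCALDEFS=0' > "$1"
}

# audit_selinux_config FILE
# Prints "mode=<mode> type=<type>". Exit status: 0 enforcing, 1 permissive,
# 2 disabled, 3 unreadable file or missing/unrecognised SELINUX= value.
audit_selinux_config() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 3; }
    mode='' ptype=''
    while IFS= read -r line || [ -n "$line" ]; do
        # Trim surrounding whitespace; comment and blank lines are skipped,
        # so a commented-out "# SELINUX=enforcing" does not count.
        line=$(printf '%s' "$line" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case $line in
            ''|'#'*)       continue ;;
            SELINUX=*)     mode=$(printf '%s' "${line#SELINUX=}" | tr '[:upper:]' '[:lower:]') ;;
            SELINUXTYPE=*) ptype=${line#SELINUXTYPE=} ;;
        esac
    done < "$1"
    echo "mode=${mode:-unset} type=${ptype:-unset}"
    case $mode in
        enforcing)  return 0 ;;
        permissive) return 1 ;;
        disabled)   return 2 ;;
        *)          return 3 ;;
    esac
}

# Demo on a constructed file; on a real host, pass /etc/selinux/config instead.
demo=$(mktemp)
write_sample_config "$demo" enforcing
audit_selinux_config "$demo"
rm -f "$demo"
```

The file only sets the state applied at boot; compare the result with the output of `getenforce` to see the mode the running system is actually in.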

Full Story.

In related links:

SELinux is a mandatory access control (MAC) system available in Linux kernels as of version 2.6. Of the Linux Security Modules available, it is the most comprehensive and well tested, and is founded on 20 years of MAC research. SELinux combines a type-enforcement server with either multi-level security or an optional multi-category policy, and a notion of role-based access control. See the Resources section later in this article for links to more information about these topics.

Most people who have used SELinux have done so by using an SELinux-ready distribution such as Fedora, Red Hat Enterprise Linux (RHEL), Debian, or hardened Gentoo. These enable SELinux in the kernel, offer a customizable security policy, and patch a great number of user-land libraries and utilities to make them SELinux aware.

If you're like many users who simply want the system to work as before, but a bit more securely, you can query and manipulate SELinux by using familiar applications and by writing security policies using a higher level language.

SELinux from scratch.
