Language Selection

English French German Italian Portuguese Spanish

Selinux on FC5

Filed under
Linux

Selinux can be confusing, but it's ordinary and default configuration is actually pretty simple. We'll examine it on Fedora Core 5.

By default, FC5 installs Selinux in "targeted" mode. You can see this in /etc/selinux/config:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=enforcing
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted

# SETLOCALDEFS= Check local definition changes
SETLOCALDEFS=0

As the comments imply, only certain network daemons are affected by Selinux in this configuration.

Full Story.

In related links:

SELinux is a mandatory access control (MAC) system available in Linux kernels as of version 2.6. Of the Linux Security Modules available, it is the most comprehensive and well tested, and is founded on 20 years of MAC research. SELinux combines a type-enforcement server with either multi-level security or an optional multi-category policy, and a notion of role-based access control. See the Resources section later in this article for links to more information about these topics.

Most people who have used SELinux have done so by using an SELinux-ready distribution such as Fedora, Red Hat Enterprise Linux (RHEL), Debian, or hardened Gentoo. These enable SELinux in the kernel, offer a customizable security policy, and patch a great number of user-land libraries and utilities to make them SELinux aware.

If you're like many users who simply want the system to work as before, but a bit more securely, you can query and manipulate SELinux by using familiar applications and by writing security policies using a higher level language.

SELinux from scratch.

More in Tux Machines

Today in Techrights

Initial impressions of PCLinuxOS 2014.08

I spend more time looking at the family trees of Linux distributions than I do looking at my own family tree. I find it interesting to see how distributions grow from their parent distribution, either acting as an extra layer of features which regularly re-bases itself or as a separate fork. New distributions usually tend to remain similar in most ways to their parent distro, using the same package manager and maintaining similar philosophies. When I look at the family trees of Linux distributions one project stands out more than others: PCLinuxOS. Read more

Speed or torque? Linux desktop vs. server distros

So allow me to clarify: I believe the time has come when a major, dedicated, server-only Linux distribution is needed. This distribution does not maintain any desktop packages or dependencies -- and is not a distro that merely offers a different default package set for desktop and server use cases. Read more

Open source training and the Red Hat Challenge Labs

Open source training is a powerful tool, and the skills and experiences learned can be immediately applied to numerous real-world working situations. The use of a stable and flexible foundation means open source can be adapted to situations as required, making challenges easy to overcome. Red Hat Challenge@Labs is a strong starting point for students, as they have the opportunity to design solutions for real problems and issues—and, if they're successful, pitch them to industry experts. Read more Also: Red Hat Announces General Availability of Red Hat Enterprise Linux 5.11