
SELinux on FC5

SELinux can be confusing, but its ordinary, default configuration is actually pretty simple. We'll examine it on Fedora Core 5.

By default, FC5 installs SELinux in "targeted" mode. You can see this in /etc/selinux/config:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.

# SETLOCALDEFS= Check local definition changes

As the comments imply, only certain network daemons are affected by SELinux in this configuration.
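
A check built on the file shown above, as an added example that is not part of the original article: it reads a config file and reports whether SELINUX= and SELINUXTYPE= each carry exactly one of the values the comments list. The function names, the exit codes and the rule that a repeated assignment counts as ambiguous are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit an SELinux config file against the values its comments allow.

# cfg_get FILE KEY -> every uncommented "KEY=value" found at line start,
# lowercased and comma-joined (so a repeated key shows up as "a,b").
cfg_get() {
    awk -v key="$2" '
        index($0, key "=") == 1 {
            v = substr($0, length(key) + 2)
            gsub(/[ \t\r]/, "", v)                  # drop stray blanks and CRs
            val = (n++ ? val "," : "") tolower(v)
        }
        END { print val }' "$1"
}

# selinux_audit FILE -> prints a verdict.
# Returns 0 = enforcing, 1 = valid but not enforcing, 2 = missing/ambiguous/invalid.
selinux_audit() {
    state=$(cfg_get "$1" SELINUX)
    ptype=$(cfg_get "$1" SELINUXTYPE)
    case "$ptype" in
        targeted|strict) ;;
        *) echo "BROKEN: SELINUXTYPE='$ptype' must be exactly one of targeted, strict"
           return 2 ;;
    esac
    case "$state" in
        enforcing)  echo "OK: enforcing, policy=$ptype"; return 0 ;;
        permissive) echo "WEAK: permissive, policy=$ptype (warnings only)"; return 1 ;;
        disabled)   echo "WEAK: disabled, policy=$ptype is not in effect"; return 1 ;;
        *) echo "BROKEN: SELINUX='$state' must be exactly one of enforcing, permissive, disabled"
           return 2 ;;
    esac
}

# Constructed sample, not taken from a real host: the commented-out
# "enforcing" line must not mask the permissive setting below it.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# SELINUX=enforcing
SELINUX=permissive
SELINUXTYPE=targeted
EOF
selinux_audit "$sample" || echo "exit status: $?"
rm -f "$sample"
```

On a real system the file to pass is /etc/selinux/config; the file only records the configured state, so the running mode still has to be checked separately.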

Full Story.

In related links:

SELinux is a mandatory access control (MAC) system available in Linux kernels as of version 2.6. Of the Linux Security Modules available, it is the most comprehensive and well tested, and is founded on 20 years of MAC research. SELinux combines a type-enforcement server with either multi-level security or an optional multi-category policy, and a notion of role-based access control. See the Resources section later in this article for links to more information about these topics.

Most people who have used SELinux have done so by using an SELinux-ready distribution such as Fedora, Red Hat Enterprise Linux (RHEL), Debian, or hardened Gentoo. These enable SELinux in the kernel, offer a customizable security policy, and patch a great number of user-land libraries and utilities to make them SELinux aware.

If you're like many users who simply want the system to work as before, but a bit more securely, you can query and manipulate SELinux by using familiar applications and by writing security policies using a higher level language.

SELinux from scratch.
