
SELinux on FC5

Filed under
Linux

SELinux can be confusing, but its ordinary and default configuration is actually pretty simple. We'll examine it on Fedora Core 5.

By default, FC5 installs SELinux in "targeted" mode. You can see this in /etc/selinux/config:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=enforcing
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted

# SETLOCALDEFS= Check local definition changes
SETLOCALDEFS=0

As the comments imply, only certain network daemons are affected by SELinux in this configuration.
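
The settings in that file can be checked mechanically. The following is an added example, not part of the original article: a POSIX shell audit that reads a file in the /etc/selinux/config format and reports whether the policy is actually enforced. The function names and verdict words are this example's own, and it assumes each setting appears as KEY=value at the start of a line and that the valid values are the ones listed in the file's comments.

```shell
#!/bin/sh
# Added example (not from the original article): audit a file in the
# /etc/selinux/config format shown above.

# Print the value of KEY ($2) in FILE ($1). Comment lines are skipped.
# Assumption of this example: only "KEY=value" at the start of a line is
# accepted, and the first such line is the one that counts.
selinux_cfg_get() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        index($0, key "=") == 1 {
            v = substr($0, length(key) + 2)
            sub(/[ \t]+$/, "", v)          # drop trailing whitespace
            print v
            exit
        }' "$1"
}

# Print "<verdict> SELINUX=<mode> SELINUXTYPE=<type>" for FILE ($1).
# Returns 0 only when the file asks for an enforced, known policy type.
selinux_cfg_audit() {
    mode=$(selinux_cfg_get "$1" SELINUX)
    ptype=$(selinux_cfg_get "$1" SELINUXTYPE)
    case "$mode" in
        enforcing)  verdict=OK ;;
        permissive) verdict=WARN ;;        # warnings only, nothing is blocked
        disabled)   verdict=FAIL ;;        # SELinux fully off
        *)          verdict=INVALID ;;     # missing or unrecognised value
    esac
    case "$ptype" in
        targeted|strict) ;;                # the two values the file lists
        *) verdict=INVALID ;;
    esac
    printf '%s SELINUX=%s SELINUXTYPE=%s\n' \
        "$verdict" "${mode:-unset}" "${ptype:-unset}"
    [ "$verdict" = OK ]
}

# Constructed sample: the article's file with SELINUX switched to
# permissive, written to a temporary file so the example runs offline.
demo=$(mktemp)
printf '%s\n' '# SELINUX= can take one of these three values:' \
    'SELINUX=permissive' 'SELINUXTYPE=targeted' 'SETLOCALDEFS=0' > "$demo"
selinux_cfg_audit "$demo" || true
# prints: WARN SELINUX=permissive SELINUXTYPE=targeted
rm -f "$demo"
```

On a real system, run `selinux_cfg_audit /etc/selinux/config`; the file only sets the state requested at boot, so the live state should be confirmed separately with `getenforce`.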

Full Story.

In related links:

SELinux is a mandatory access control (MAC) system available in Linux kernels as of version 2.6. Of the Linux Security Modules available, it is the most comprehensive and well tested, and is founded on 20 years of MAC research. SELinux combines a type-enforcement server with either multi-level security or an optional multi-category policy, and a notion of role-based access control. See the Resources section later in this article for links to more information about these topics.

Most people who have used SELinux have done so by using an SELinux-ready distribution such as Fedora, Red Hat Enterprise Linux (RHEL), Debian, or hardened Gentoo. These enable SELinux in the kernel, offer a customizable security policy, and patch a great number of user-land libraries and utilities to make them SELinux aware.

If you're like many users who simply want the system to work as before, but a bit more securely, you can query and manipulate SELinux by using familiar applications and by writing security policies using a higher level language.

SELinux from scratch.
