Le sam 18/09/2004 Ã 21:40, Colin Walters a Ãcrit :
> Hi,
>
> Talking with a number of people at the office, it seems a high
> percentage of Fedora developers disabled SELinux during FC2 test2,
I disabled SELinux.
> which
> was our first attempt at SELinux. Many other users and testers in the
> Fedora community likely did so as well.
>
> I think a lot of people are not aware that things have changed (and
> generally improved) dramatically since then.
>
What about a better documentation ?
Release note of the last release tree (FC3t2) :
o SELinux -- This includes a new "targeted" policy that monitors
specifc daemons with less intrusion than the strict policy in use
before. For more information, refer to:
[2]https://listman.redhat.com/archives/fedora-selinux-list/2004-May/msg00096.html
Is it enough for a newcomer ?
From FC2 :
Should you decide to enable SELinux, it is *strongly*
recommended that you read the *Fedora Core SELinux FAQ*:
http://people.redhat.com/kwade/fedora-docs/selinux-faq-en/
From http://people.redhat.com/kwade/fedora-docs/selinux-faq-en/ (FAQ!):
For more information about how SELinux works, how to use SELinux
for general and specific Linux distributions, and how to write
policy, these resources are useful:
NSA SELinux main website â http://www.nsa.gov/selinux/
NSA SELinux FAQ â http://www.nsa.gov/selinux/info/faq.cfm
UnOfficial FAQ â http://www.crypt.gen.nz/selinux/faq.html
Writing SE Linux policy HOWTO â
https://sourceforge.net/docman/display_doc.php?docid=21959&group_id=21266
Getting Started with SE Linux HOWTO: the new SE Linux (Debian) â
https://sourceforge.net/docman/display_doc.php?docid=20372&group_id=21266
On IRC â irc.freenode.net, #fedora-selinux
Fedora mailing list â fedora-selinux-list@xxxxxxxxxx; read the
archives or subscribe at
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
It's intimidating.
> Instead of the original "strict" policy which covered everything, a new
> "targeted" policy has been developed which only applies SELinux
> restrictions to a few select system daemons. Regular user login
> sessions are unrestricted.
>
> This targeted policy will be enabled by default for FC3. But those of
> you who are upgrading from existing systems, if you earlier added
> selinux=0 to your grub config, or disabled it in /etc/sysconfig/selinux,
> will not be testing the new policy.
>
> Please: undo those changes, and give it another try. Be sure
> that /etc/sysconfig/selinux has these two lines:
> SELINUX=enforcing
> SELINUXTYPE=targeted
>
> Also be sure you don't have selinux=0 in your grub configuration.
>
Attachment:
signature.asc
Description: Ceci est une partie de message =?ISO-8859-1?Q?num=E9riquement?= =?ISO-8859-1?Q?_sign=E9e=2E?=
