> > The application 'seuser' did not seem to be able to find the policy.conf > > file. I found the .tcl file and hacked a bit on that, but tcl is not a > > native language for me. (Today I found the > /usr/share/setools/seuser.conf > > file with the missing 'policy' in the policy.conf path) > > > I believe this has been fixed in the most recent setools update. > Yes - Dan Walsh incorporated the fix into setools-1.3-2. Also, we are going to release 1.3.1 soon with this and another critical bug fixed. Karl Karl MacMillan Tresys Technology http://www.tresys.com (410)290-1411 ext 134 > <snip> > > > ------ > > > > Then I found an application 'System Settings -> Security Level' With > > this tool, I could turn my firewall on and also turn on something in > > SELinux. The SELinux button said 'Active'. I clicked on it and > > saw options 'Warn' and 'Disabled'. Then I went back to the Firewall > > settings and decided not to do anything there. Clicking the OK button at > > the bottom > > gave me a dialog box - something about 'do you want security to be on'. > > Since I thought security was already on, I clicked on yes... > > > this SELinux feature of system-config-securitylevel has been taken out > for the FC2 release. IMHO, it needs some work to differentiate between > setting the current state of enforcing and setting the state for the > next boot of the system. > The init will still use /etc/sysconfig/selinux. > <snip> > > > > Fortunately, I had printed out some of the SELinux documentation > > (printed out, not read as yet). I noticed an email message from Hannes > > Mayer saying to pass 'selinux=0' to grub at boot time. > Careful here, kernel-2.6.5-1.349 has the selinux bootparam turned off > ( I think they will reenable it) so be sure your /etc/sysconfig/selinux > is set correctly when using that kernel. > > > > This I did, and wonderfully my system booted up. It did not even have > > the pesky extra error messages which I had noticed for awhile when > > booting my running system - 'avc denied', etc. > > > > snip > > > > A lesser goal would be to dynamically set and (hopefully) unset the > > enforcing parameter as mentioned later in Tom Mitchell's timely and very > > helpful email message - and then see what problems develop - in a > > (hopefully) controlled environment. > > > getenforce and setenforce commands allow for dynamic changes of mode. > > > (I would like to creep up on the concept of SecurityEnabled with lots of > > log messages, but not too many.. :-) ) > > not quite "creep up on", Looks like you jumped right in. Welcome > > It looks like Stephen Smalley has answered your major questions in his > reply. > > > The human path/process is important for newbie testers though. Too many > > rocks and the extra eyeballs get discouraged. > There are several HOWTOs and FAQ around but you probably already knew > that. > Richard Hally > > -- > fedora-selinux-list mailing list > fedora-selinux-list@xxxxxxxxxx > http://www.redhat.com/mailman/listinfo/fedora-selinux-list
