On Tue, 2004-06-22 at 13:29, edwarner99@xxxxxxxxx wrote: > After I rebooted, I can run as a user with root > privileges. In the logs, it states there is an unknown > user -u. It is likely that SELinux is running in permissive mode, i.e. logging denials as warnings but not actually preventing access. /etc/sysconfig/selinux (or in rawhide, /etc/selinux/config) specifies the initial state, and setenforce can be used to switch at runtime, subject to access control once you are in enforcing mode. You don't want to switch to enforcing mode without labeling your filesystems via 'fixfiles relabel' and rebooting. > I'm a little confused about selinux to begin with. I > have read the documents. I run a small lan, so do you > suggest I turn off selinux? Did you read the Fedora SELinux FAQ? http://people.redhat.com/kwade/fedora-docs/selinux-faq-en/ I can't advise you either way. The paper available from http://www.nsa.gov/selinux/papers/inevit-abs.cfm talks about why mandatory access controls in the operating system (which is what SELinux provides) are critical to system security. -- Stephen Smalley <sds@xxxxxxxxxxxxxx> National Security Agency
