Well, the names have changed a bit ;) POLICYTYPE is no longer operative, so I think
------------------------------------------------------------------------
* /From/: Bob Gustafson <bobgus rcn com>
------------------------------------------------------------------------
[root hoho2 user1]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcinfg - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
#SELINUX=disabled
SELINUX=enforcing
SELINUXTYPE=strict
POLICYTYPE=strict
[root hoho2 user1]#
Then I changed the /etc/selinux/config to the version shown below and rebooted.
I got far fewer messages, and I was even able to go to root when clicking on gnome applications that required higher priority (with above config contents, whatever I typed was not enough, gnome kept coming back for more).
[root hoho2 user1]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcinfg - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
#SELINUX=disabled
SELINUX=enforcing
#SELINUXTYPE=strict
SELINUXTYPE=permissive
POLICYTYPE=strict
[root hoho2 user1]#
My assumption has been that the boot parameters override the contents of the /etc/selinux/config file, and that the boot param 'enforcing=0' will make the selinux a permissive one.
Have these assumptions changed?
you have booted up in 'targeted' mode, not strict. 'enforcing=0' still works for me.
Here is what you need for strict:
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcinfg - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing

# SELINUXTYPE= can take one of these two values:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=strict
tom
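
Added example, not written by anyone in this thread: a small linter for /etc/selinux/config that flags the two problems discussed above (a mode name placed in SELINUXTYPE=, and the no-longer-operative POLICYTYPE key). The function names are hypothetical, the accepted values are the ones listed in the file's own comments, and the rule that 'enforcing=0|1' on the kernel command line overrides SELINUX= unless SELinux is disabled is an assumption.

```python
# Added example: lint an /etc/selinux/config like the ones quoted in this thread.
MODES = {"enforcing", "permissive", "disabled"}   # valid for SELINUX=
POLICIES = {"targeted", "strict"}                 # valid for SELINUXTYPE=

def parse_config(text):
    """Return active KEY=VALUE settings; commented lines are ignored."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            settings[key.strip()] = value.strip()
    return settings

def lint(text):
    """Return a list of human-readable problems found in the config text."""
    cfg, problems = parse_config(text), []
    mode, policy = cfg.get("SELINUX"), cfg.get("SELINUXTYPE")
    if mode not in MODES:
        problems.append(f"SELINUX={mode!r} is not one of {sorted(MODES)}")
    if policy in MODES:
        problems.append(f"SELINUXTYPE={policy} is a mode, not a policy; set it with SELINUX=")
    elif policy not in POLICIES:
        problems.append(f"SELINUXTYPE={policy!r} is not one of {sorted(POLICIES)}")
    for key in sorted(set(cfg) - {"SELINUX", "SELINUXTYPE"}):
        problems.append(f"{key} is not a recognised key and has no effect")
    return problems

def effective_mode(text, cmdline=""):
    """Mode after boot, assuming 'enforcing=0|1' on the kernel command line
    overrides SELINUX= unless the config disables SELinux (assumption)."""
    mode = parse_config(text).get("SELINUX")
    if mode != "disabled":
        for token in cmdline.split():
            if token in ("enforcing=0", "enforcing=1"):
                mode = "permissive" if token.endswith("0") else "enforcing"
    return mode

# Constructed sample: the second config posted in the thread, without its comments.
SAMPLE = """#SELINUX=disabled
SELINUX=enforcing
#SELINUXTYPE=strict
SELINUXTYPE=permissive
POLICYTYPE=strict
"""
if __name__ == "__main__":
    print(lint(SAMPLE), effective_mode(SAMPLE, "ro quiet enforcing=0"))
```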