Hi, Talking with a number of people at the office, it seems a high percentage of Fedora developers disabled SELinux during FC2 test2, which was our first attempt at SELinux. Many other users and testers in the Fedora community likely did so as well. I think a lot of people are not aware that things have changed (and generally improved) dramatically since then. Instead of the original "strict" policy which covered everything, a new "targeted" policy has been developed which only applies SELinux restrictions to a few select system daemons. Regular user login sessions are unrestricted. This targeted policy will be enabled by default for FC3. But those of you who are upgrading from existing systems, if you earlier added selinux=0 to your grub config, or disabled it in /etc/sysconfig/selinux, will not be testing the new policy. Please: undo those changes, and give it another try. Be sure that /etc/sysconfig/selinux has these two lines: SELINUX=enforcing SELINUXTYPE=targeted Also be sure you don't have selinux=0 in your grub configuration.
Attachment:
signature.asc
Description: This is a digitally signed message part
