Bob Gustafson wrote:
To me, there is a lot of confusion in the naming and choice of values of the SELINUX booleans. (Maybe I just don't have my head around the concepts, but I don't think I am alone.)
For example:
The variable 'SELINUX' in the file /etc/selinux/config has the value choices 'enforcing' or 'permissive'.
Case does not matter.
The variable 'enforce' in the /boot/grub/grub.conf file has the value choices '=0' or '=1'
The variable shown by the command 'getenforce' is either 'Permissive' or 'Enforcing' (note the initial capitalization)
When using the runtime command 'setenforce', the argument is either '0' or '1'
When using the script command 'selinuxenabled', the result is '0' if it IS enabled.
Suggestions
The variable 'SELINUX' is either 'enabled' or 'disabled'
The variable 'enforcing' is either 'enabled' or 'disabled'
This is not a bad idea, since this is the way we have gone with the system-config-securitylevel.
Check it out.
(This can be named 'enforce' rather than 'enforcing' - would help when trying to remember whether the runtime command is 'setenforce' or 'setenforcing')
The variable 'SELINUXTYPE' is 'strict', 'targeted', 'myownpolicy', 'strangleddaemons', etc.
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-selinux-list
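
An added example, not part of the original message or of any SELinux tool: a POSIX shell helper that maps the spellings listed above (the config file value in any case, `getenforce` output, `setenforce`-style 0/1, and the `selinuxenabled` exit status) onto one vocabulary, then reports when the configured mode and the running mode differ. The function names and the sample config are constructed for illustration; taking the first `SELINUX=` line is an assumption of this example.

```shell
#!/bin/sh
# Added example: one vocabulary for the SELinux mode spellings discussed above.

# normalize_mode VALUE -> prints enforcing | permissive | disabled | unknown
# Accepts config values in any case, getenforce output, and setenforce-style 0/1.
normalize_mode() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        enforcing|1)  echo enforcing ;;
        permissive|0) echo permissive ;;
        disabled)     echo disabled ;;
        *)            echo unknown ;;
    esac
}

# config_mode FILE -> normalized SELINUX= value from a config file.
# Only lines starting with "SELINUX=" match, so comments and SELINUXTYPE= are skipped.
config_mode() {
    value=$(sed -n 's/^SELINUX=\([A-Za-z]*\).*/\1/p' "$1" | head -n 1)
    normalize_mode "$value"
}

# enabled_from_status CODE -> selinuxenabled follows the shell convention:
# exit status 0 means SELinux IS enabled, anything else means it is not.
enabled_from_status() {
    if [ "$1" -eq 0 ]; then echo enabled; else echo disabled; fi
}

# modes_agree FILE RUNTIME -> exit 0 when the configured and running modes match.
# RUNTIME is the text printed by getenforce (or a 0/1 value).
modes_agree() {
    configured=$(config_mode "$1")
    running=$(normalize_mode "$2")
    if [ "$configured" = "$running" ]; then
        echo "ok: $running"
        return 0
    fi
    echo "drift: config=$configured runtime=$running"
    return 1
}

# Constructed sample config (not taken from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# SELINUX=disabled
SELINUX=Enforcing
SELINUXTYPE=targeted
EOF
modes_agree "$sample" "Permissive" || true
rm -f "$sample"
```

On a real host the second argument would be `"$(getenforce)"` and the file `/etc/selinux/config`; a drift result means someone ran `setenforce` since boot or the config was edited without a reboot.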