Re: Issue with SELinux on FC3 - No policies


 



Daryn Hanright wrote:

Hi - I've experienced something weird with SELinux. When I first installed
FC3 I chose targeted & noticed loads of different options under the SELinux tab
in system-config-securitylevel, basically a twisty-tie list of different apps
that are targeted. But I think when I reinstalled FC3 the other day
I chose to disable SELinux, and now none of those options appear. When I choose
to enable, those options I first saw don't reappear. Have tried reinstalling the
relevant rpm's with no luck. Anyone have any idea what might have happened, or
at least some idea on how I can reconfigure it?

Having had a read of the SELinux FAQ for FC3, I should see a whole range of
policies in "/etc/selinux/targeted/policy/", but when I go there I see only one
policy

Any ideas?



Not sure what you are asking. By default in FC3 with SELinux enabled, you get the following:
rpm -q -l selinux-policy-targeted
/etc/selinux/
/etc/selinux/targeted/
/etc/selinux/targeted/booleans # Booleans file containing list of overrides to policy booleans
/etc/selinux/targeted/contexts/ # Contains the context files that tell different apps how to transition to different contexts
/etc/selinux/targeted/contexts/dbus_contexts
/etc/selinux/targeted/contexts/default_contexts
/etc/selinux/targeted/contexts/default_type
/etc/selinux/targeted/contexts/failsafe_context
/etc/selinux/targeted/contexts/files/
/etc/selinux/targeted/contexts/files/file_contexts # Regular expression file contexts used by restorecon, setfilescon, fixfiles to determine each file's context.
/etc/selinux/targeted/contexts/files/media # File contexts for special device files
/etc/selinux/targeted/contexts/initrc_context
/etc/selinux/targeted/contexts/removable_context
/etc/selinux/targeted/contexts/userhelper_context
/etc/selinux/targeted/contexts/users/ # Directory contains override values for roles, i.e. if the root user logs in locally, give him this role.
/etc/selinux/targeted/contexts/users/root
/etc/selinux/targeted/policy
/etc/selinux/targeted/policy/policy.18 # The actual compiled context.


If you install selinux-policy-targeted-sources you get an additional directory tree under /etc/selinux/targeted/src/

If you install selinux-policy-strict you get a similar tree under /etc/selinux/strict/

system-config-securitylevel examines /etc/selinux/config to determine which policy is running (targeted, strict or other future ones) and whether selinux is enabled, Permissive or disabled (/usr/sbin/getenforce tells you this).

system-config-securitylevel then lists all subdirectories of /etc/selinux/ as possible policy choices.

In order to put up the Modify SELinux Policy listbox, the tool lists all booleans using the tool getsebool -a and if the selinux-policy-*-sources directory is installed, it examines the /etc/selinux/SELINUXTYPE/src/policy/tunables/ directory for all tunable entries. It then uses /usr/share/system-config-securitylevel/selinux.tbl to translate the booleans/tunables into a more descriptive representation.


So depending on which policy is loaded and which policy and policy-sources are installed, the display of system-config-securitylevel will change.

I hope this helps.

Dan




cheers
Daryn

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
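
The file-system checks described in the reply above, as an added example that is not part of the original thread or of system-config-securitylevel: it reads /etc/selinux/config, lists the policy directories, and reports whether each has a compiled policy and a sources tree. The function names and the sample tree are constructed for illustration; the getsebool -a step is left out because it needs a live SELinux system.

```shell
#!/bin/sh
# Added example. ROOT is a filesystem prefix; pass "" to inspect the live system.

# Value of KEY (SELINUX or SELINUXTYPE) from ROOT/etc/selinux/config.
cfg_value() {
    sed -n "s/^[[:space:]]*$2=[[:space:]]*\([A-Za-z0-9_-]*\).*/\1/p" \
        "$1/etc/selinux/config" 2>/dev/null | tail -n 1
}

# Every subdirectory of ROOT/etc/selinux/ is offered as a policy choice.
list_policies() {
    for d in "$1"/etc/selinux/*/; do
        [ -d "$d" ] && basename "$d"
    done
    return 0
}

# Is the compiled policy there, and is the sources tree (tunables) installed?
policy_state() {
    base="$1/etc/selinux/$2"; bin=missing; src=no
    ls "$base"/policy/policy.* >/dev/null 2>&1 && bin=present
    [ -d "$base/src/policy/tunables" ] && src=yes
    echo "binary=$bin sources=$src"
}

report() {
    ptype=$(cfg_value "$1" SELINUXTYPE)
    echo "mode=$(cfg_value "$1" SELINUX) type=$ptype"
    for p in $(list_policies "$1"); do
        echo "policy $p: $(policy_state "$1" "$p")"
    done
    [ -n "$ptype" ] && [ ! -d "$1/etc/selinux/$ptype" ] &&
        echo "warning: no directory for configured type '$ptype'"
    return 0
}

# Constructed sample tree: targeted without sources, strict with sources.
make_sample() {
    root=$(mktemp -d)
    mkdir -p "$root/etc/selinux/targeted/policy" \
             "$root/etc/selinux/strict/policy" \
             "$root/etc/selinux/strict/src/policy/tunables"
    : > "$root/etc/selinux/targeted/policy/policy.18"
    : > "$root/etc/selinux/strict/policy/policy.18"
    printf 'SELINUX=disabled\nSELINUXTYPE=targeted\n' > "$root/etc/selinux/config"
    echo "$root"
}

sample=$(make_sample)
report "$sample"
rm -rf "$sample"
```

On a real host, `report ""` runs the same checks against /etc/selinux/.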



