Re: boolean secure_mode under Rhel7

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 03/02/2015 09:09 AM, Tim.Einmahl@xxxxxx wrote:
> Hi,
>
> can anyone please tell me the exact meaning of the booleans
>
> secure_mode  (secure_mode_insmod  secure_mode_policyload)
>
> under RHEL7? "semanage boolean -l" is not very helpful and I can't find a documentation regarding the booleans which is bit disappointing as booleans play an important role in SELinux.
>
The goal of these three is to lock down the system in such a way that
you can not change the SELinux settings on the box.  secure_mode, should
prevent setenforce 0, and changing of booleans.  secure_mode_insmod,
prevents loading of kernel modules.  secure_mode_policyload prevents
load_policy. (Replacing the policy in the kernel).

Unconfined mode makes these less useful.   So if you want to really play
with these you need to turn off the unconfined.pp and unconfineduser.pp
modules.
> Thanks in advance
>
> Regards
> Tim
>
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux





[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux