On 03/02/2015 09:09 AM, Tim.Einmahl@xxxxxx wrote: > Hi, > > can anyone please tell me the exact meaning of the booleans > > secure_mode (secure_mode_insmod secure_mode_policyload) > > under RHEL7? "semanage boolean -l" is not very helpful and I can't find a documentation regarding the booleans which is bit disappointing as booleans play an important role in SELinux. > The goal of these three is to lock down the system in such a way that you can not change the SELinux settings on the box. secure_mode, should prevent setenforce 0, and changing of booleans. secure_mode_insmod, prevents loading of kernel modules. secure_mode_policyload prevents load_policy. (Replacing the policy in the kernel). Unconfined mode makes these less useful. So if you want to really play with these you need to turn off the unconfined.pp and unconfineduser.pp modules. > Thanks in advance > > Regards > Tim > > -- > selinux mailing list > selinux@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/selinux -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
