Am Freitag, den 27.01.2006, 12:32 -0500 schrieb Stephen Smalley: > On Fri, 2006-01-27 at 15:18 +0100, Roger Grosswiler wrote: > > Thanks, look this: > > > > [roger@niobe ~]$ sudo rpm -qa | grep selinux-policy-targeted > > [roger@niobe ~]$ sudo rpm -qa | grep selinux-policy > > [roger@niobe ~]$ > > > > ...seems i did not have ANY policy installed?????? > > Seems unlikely, given that you are getting AVC denials. > Just do a rpm -q selinux-policy-targeted; you don't have to be root to > query. If you were running strict policy, I'd have guessed that your > sudo command was failing due to a SELinux denial (possibly just on the > output stream to the pipe, thereby silencing it) but if targeted, sudo > shouldn't be in its own domain at all. > > > btw. can somebody explain me the difference between > > > > -targeted > > -mls > > -strict > > -targeted vs. -strict is explained in the Fedora Core SELinux FAQ: > http://fedora.redhat.com/docs/selinux-faq-fc3/index.html#id2764488 > Note that since the time of that FAQ (which was for FC3), the targeted > policy has expanded to cover many more system programs/processes and > certain user programs, but still leaves users unconfined by SELinux. > Targeted policy is the default in Fedora and RHEL. > > The -mls policy is for Multi-Level Security. See: > http://james-morris.livejournal.com/5020.html > MLS policy is specifically for LSPP certification. > > In Fedora and the -targeted policy, the same infrastructure being > developed for the MLS policy is being used for what Red Hat is calling > Multi-Category Security, described in: > http://james-morris.livejournal.com/5583.html > and > http://james-morris.livejournal.com/8228.html > > MCS is enabled in the FC5 devel -targeted policy already. > > -- > Stephen Smalley > National Security Agency > Stephen, Thanks for this information! Roger -- fedora-test-list mailing list fedora-test-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-test-list