Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: SElinux
Top Forums UNIX for Advanced & Expert Users SElinux Post 69337 by moxxx68 on Thursday 14th of April 2005 05:21:22 AM
Old 04-14-2005
MySQL SElinux
I am on a fedora core 2.6.9-1.677 i686
which is selinux enabled unlike the version I was on before .. which had to be manually enabled ..and if you knew nothing of the sort you were lost.. that was the case for me anyway! like i was saying ... now I am on a system that is enabled I have just started to fiddle around with some of the properties trying to figure it out.. what I need as a selinux user is some basic advice on some does and dont's covered by this subject to get me going in the right direction.. a pointer to a downloadable guide would also be good.. can anyone help.
moxxx68
 

8 More Discussions You Might Find Interesting

1. Linux

fedora core 2 selinux problem

in fedora core 2 with enforcing mode in selinux , why even as a root OS doesnt give permission to create any directory or file in /home ? (1 Reply)
Discussion started by: the.last.soul
1 Replies

2. Red Hat

Cannot open SELinux encrypted disks

When I installed Fedora 10 I set the option to encrypt my file systems but now I can't open either of my two HDD's. I asks me for my password and gives me three options concerning the "remembering" of my password but when I put the password in nothing happens at all. Any ideas? Thanks. (3 Replies)
Discussion started by: jasonfrost
3 Replies

3. Virtualization and Cloud Computing

anyone running SELinux on amazon EC2?

Hi, Has anyone enabled SELinux on Amazon EC2? I tried to enable SELinux using a CentOS image, and the steps in the following post, but it didn't work!! Amazon Web Services Developer Community : Has anyone successfully enabled SELinux ... The steps i took: 1)I started with CentOS 5.3 base... (5 Replies)
Discussion started by: fun_indra
5 Replies

4. Red Hat

selinux --disabled

Hi All, Will some one kindly explian below ? selinux What is the effect of installing a server using this kickstart option as follows: selinux --enforcing and selinux --disabled (1 Reply)
Discussion started by: sri243
1 Replies

5. Cybersecurity

[SELinux] Problem with Bind 9

Hi, I can not start named service: /etc/init.d/named start Iniciando named: Error in named configuration: zone default.domain/IN: loading from master file /home/admin/conf/dns/default.domain.db failed: permission denied zone default.domain/IN: not loaded due to errors.... (2 Replies)
Discussion started by: Anibal
2 Replies

6. UNIX and Linux Applications

A little help with seLinux

Situation: installed on Centos6.4 this samba4 package samba4-4.0.1-4.centos6.1.x86_64(wich had the path /usr/share/samba4 /var/lock/samba4,etc) I use selinux so i put in context /var/lock/samba4 -d system_u:object_r:samba_var_t:s0 /var/lock/samba4/.* -- ... (3 Replies)
Discussion started by: Linusolaradm1
3 Replies

7. Red Hat

SeLinux permission question

Hi, in /etc/httpd/conf/httpd.conf #DocumentRoot "/var/www/html" DocumentRoot "/home/phpmy/html" when I restarted httpd # /etc/init.d/httpd restart Stopping httpd: Starting httpd: Syntax error on line 293 of /etc/httpd/conf/httpd.conf:... (0 Replies)
Discussion started by: jediwannabe
0 Replies

8. UNIX for Dummies Questions & Answers

Unable to enable SeLinux on RHEL 7

I worked all night on creating an RHEL 7 template customized for our private cloud and almost had it ready. While doing the final part, enabling GDM, I made the blunder of disabling SELINUX. Now I am not able to re-enable or put into permissive mode again. Earlier, when this happened on RHEL 6... (3 Replies)
Discussion started by: satish51392111
3 Replies

LEARN ABOUT LINUX

selinux

selinux(8)                                              SELinux Command Line documentation                                              selinux(8)

NAME

       SELinux - NSA Security-Enhanced Linux (SELinux)

DESCRIPTION

       NSA  Security-Enhanced Linux (SELinux) is an implementation of a flexible mandatory access control architecture in the Linux operating sys-
       tem.  The SELinux architecture provides general support for the enforcement of many kinds of mandatory access control  policies,  including
       those based on the concepts of Type Enforcement(R), Role- Based Access Control, and Multi-Level Security.  Background information and tech-
       nical documentation about SELinux can be found at http://www.nsa.gov/selinux.

       The /etc/selinux/config configuration file controls whether SELinux is enabled or disabled, and if enabled,  whether  SELinux  operates  in
       permissive mode or enforcing mode.  The SELINUX variable may be set to any one of disabled, permissive, or enforcing to select one of these
       options.  The disabled option completely disables the SELinux kernel and application code, leaving the system running without  any  SELinux
       protection.  The permissive option enables the SELinux code, but causes it to operate in a mode where accesses that would be denied by pol-
       icy are permitted but audited.  The enforcing option enables the SELinux code and causes it to enforce access denials as well  as  auditing
       them.  Permissive mode may yield a different set of denials than enforcing mode, both because enforcing mode will prevent an operation from
       proceeding past the first denial and because some application code will fall back to a less privileged mode of operation if denied access.

       The /etc/selinux/config configuration file also controls what policy is active on the system.  SELinux allows for multiple policies  to  be
       installed  on the system, but only one policy may be active at any given time.  At present, two kinds of SELinux policy exist: targeted and
       strict.  The targeted policy is designed as a policy where most processes operate without restrictions,  and  only  specific  services  are
       placed  into  distinct security domains that are confined by the policy.  For example, the user would run in a completely unconfined domain
       while the named daemon or apache daemon would run in a specific domain tailored to its operation.  The strict policy is designed as a  pol-
       icy  where  all  processes are partitioned into fine-grained security domains and confined by policy.  It is anticipated in the future that
       other policies will be created (Multi-Level Security for example).  You can define which policy you will run  by  setting  the  SELINUXTYPE
       environment  variable  within  /etc/selinux/config.   The  corresponding policy configuration for each such policy must be installed in the
       /etc/selinux/SELINUXTYPE/ directories.

       A given SELinux policy can be customized further based on a set of compile-time tunable options and a set of runtime policy booleans.  sys-
       tem-config-securitylevel allows customization of these booleans and tunables.

       Many domains that are protected by SELinux also include SELinux man pages explaining how to customize their policy.

FILE LABELING

       All  files,  directories,  devices  ...  have  a  security  context/label  associated  with them.  These context are stored in the extended
       attributes of the file system.  Problems with SELinux often arise from the file system being mislabeled. This can be caused by booting  the
       machine with a non SELinux kernel.  If you see an error message containing file_t, that is usually a good indicator that you have a serious
       problem with file system labeling.

       The best way to relabel the file system is to create the flag file /.autorelabel and reboot.  system-config-securitylevel,  also  has  this
       capability.  The restorcon/fixfiles commands are also available for relabeling files.

AUTHOR

       This manual page was written by Dan Walsh <dwalsh@redhat.com>.

SEE ALSO

       booleans(8),   setsebool(8),   selinuxenabled(1),   togglesebool(8),   restorecon(8),   setfiles(8),   ftpd_selinux(8),   named_selinux(8),
       rsync_selinux(8), httpd_selinux(8), nfs_selinux(8), samba_selinux(8), kerberos_selinux(8), nis_selinux(8), ypbind_selinux(8)

FILES

       /etc/selinux/config

dwalsh@redhat.com                                                   29 Apr 2005                                                         selinux(8)
All times are GMT -4. The time now is 02:14 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy