FAQ   Search   Memberlist  
Profile    Log in to check your private messages    Register    Log in
What is SELinux and how does it affect me?

 
Post new topic   Reply to topic    BLAG Forum Index -> open discussion
View previous topic :: View next topic  
Author Message
hansencomputers
PostPosted: Wed Aug 01, 2007 10:38 pm    Post subject: What is SELinux and how does it affect me? Reply with quote

I was reading about Vista vulnerabilities and came accross a refernece to "SELinux". I checked with wikipedia, and read about it, but I'm not sure how or if this affects my use of Linux on a desktop.

Can someone define how, or if, SELinux is in BLAG? Is that even a correct question?

Thanks,
Mike H

mullenbrock
PostPosted: Wed Aug 01, 2007 10:43 pm    Post subject: Reply with quote

SELinux is in BLAG, I don't think it's used, but I don't have a clue what it does either...
Magic Banana
PostPosted: Wed Aug 01, 2007 10:53 pm    Post subject: Reply with quote

SELinux is in BLAG but deactivated :
Code:
# grep selinux /boot/grub/grub.conf
kernel          /boot/vmlinuz-2.6.21-1.3228.fc7 ro root=LABEL=blag rhgb quiet selinux=0


For a desktop system, it is, today, more annoying than it is useful...[/code]

john maclean
PostPosted: Thu Aug 02, 2007 2:13 pm    Post subject: Reply with quote

Code:
 nl /etc/selinux/config
     1  # This file controls the state of SELinux on the system.
     2  # SELINUX= can take one of these three values:
     3  #       enforcing - SELinux security policy is enforced.
     4  #       permissive - SELinux prints warnings instead of enforcing.
     5  #       disabled - SELinux is fully disabled.
     6  SELINUX=disabled
     7  # SELINUXTYPE= type of policy in use. Possible values are:
     8  #       targeted - Only targeted network daemons are protected.
     9  #       strict - Full SELinux protection.
    10  SELINUXTYPE=targeted


Luckily it's disabled by default in BLAG [line six]. More annoying than useful for me.


_________________
BLAG 'em up!
sinuhe
PostPosted: Sat Aug 11, 2007 11:32 pm    Post subject: Permissive Reply with quote

selinux=0 is the default, because not all of selinux is installed by default. This is understandable, considering our past experiences with it. However, with the work that Fedora has done with selinux targeted contexts, I think it is better to run selinux in permissive mode, than it is to disable it. That way your contexts are set for all your files in case you wish to enable selinux (targeted, unless you're masochistic).

I use selinux with all my systems in enabled (targeted) mode, and have found it to be quite useful.

hansencomputers
PostPosted: Sun Aug 12, 2007 12:58 am    Post subject: Reply with quote

What is SELinux for? Why would one use it?


Mike H

sinuhe
PostPosted: Sat Aug 18, 2007 5:10 pm    Post subject: SELinux Reply with quote

SELinux is the overarching, kernel level security manager, based on (in Fedora) targeted security contexts. Of course, one could set the entire NSA style configuration, but your context configurations will take an eternity to configure (let alone comprehend).
rob.linux
PostPosted: Sat Oct 20, 2007 3:00 pm    Post subject: What does it protect ?? Reply with quote

Hi Y'all,

Does any one know what SELinux is supposed to protect ??

Am I at risk doing on-line banking or watching streaming flash video etc with SELinux=0 ??

Thanks

Rob


_________________
Registered Linux User # 342652 Mandriva One 2007 Spring
noldrin
PostPosted: Sat Oct 20, 2007 6:31 pm    Post subject: Reply with quote

It basically affects how easy an executing file can break out of it's alloted running area and start doing stuff to the rest of the system. Supposedly it works, if it's set up correctly, which some people claim it doable, yet I've seen it mess up Red Hat Enterprise system messed up on default installs because of selinux.
Display posts from previous:   
Post new topic   Reply to topic    BLAG Forum Index -> open discussion
Page 1 of 1

Protected by Anti-Spam ACP