|
| View previous topic :: View next topic |
| Author |
Message |
hansencomputers
|
 Posted: Wed Aug 01, 2007 10:38 pm Post subject: What is SELinux and how does it affect me? |
 |
|
I was reading about Vista vulnerabilities and came accross a refernece to "SELinux". I checked with wikipedia, and read about it, but I'm not sure how or if this affects my use of Linux on a desktop.
Can someone define how, or if, SELinux is in BLAG? Is that even a correct question?
Thanks,
Mike H
|
|
|
 |
mullenbrock
|
| Posted: Wed Aug 01, 2007 10:43 pm Post subject: |
|
|
SELinux is in BLAG, I don't think it's used, but I don't have a clue what it does either...
|
|
|
|
Magic Banana
|
| Posted: Wed Aug 01, 2007 10:53 pm Post subject: |
|
|
SELinux is in BLAG but deactivated :
| Code: | # grep selinux /boot/grub/grub.conf
kernel /boot/vmlinuz-2.6.21-1.3228.fc7 ro root=LABEL=blag rhgb quiet selinux=0 |
For a desktop system, it is, today, more annoying than it is useful...[/code]
|
|
|
|
john maclean
|
| Posted: Thu Aug 02, 2007 2:13 pm Post subject: |
|
|
| Code: | nl /etc/selinux/config
1 # This file controls the state of SELinux on the system.
2 # SELINUX= can take one of these three values:
3 # enforcing - SELinux security policy is enforced.
4 # permissive - SELinux prints warnings instead of enforcing.
5 # disabled - SELinux is fully disabled.
6 SELINUX=disabled
7 # SELINUXTYPE= type of policy in use. Possible values are:
8 # targeted - Only targeted network daemons are protected.
9 # strict - Full SELinux protection.
10 SELINUXTYPE=targeted
|
Luckily it's disabled by default in BLAG [line six]. More annoying than useful for me.
|
_________________
BLAG 'em up! |
|
|
sinuhe
|
| Posted: Sat Aug 11, 2007 11:32 pm Post subject: Permissive |
|
|
selinux=0 is the default, because not all of selinux is installed by default. This is understandable, considering our past experiences with it. However, with the work that Fedora has done with selinux targeted contexts, I think it is better to run selinux in permissive mode, than it is to disable it. That way your contexts are set for all your files in case you wish to enable selinux (targeted, unless you're masochistic).
I use selinux with all my systems in enabled (targeted) mode, and have found it to be quite useful.
|
|
|
|
hansencomputers
|
| Posted: Sun Aug 12, 2007 12:58 am Post subject: |
|
|
What is SELinux for? Why would one use it?
Mike H
|
|
|
|
sinuhe
|
| Posted: Sat Aug 18, 2007 5:10 pm Post subject: SELinux |
|
|
SELinux is the overarching, kernel level security manager, based on (in Fedora) targeted security contexts. Of course, one could set the entire NSA style configuration, but your context configurations will take an eternity to configure (let alone comprehend).
|
|
|
|
rob.linux
|
| Posted: Sat Oct 20, 2007 3:00 pm Post subject: What does it protect ?? |
|
|
Hi Y'all,
Does any one know what SELinux is supposed to protect ??
Am I at risk doing on-line banking or watching streaming flash video etc with SELinux=0 ??
Thanks
Rob
|
_________________
Registered Linux User # 342652 Mandriva One 2007 Spring |
|
|
noldrin
|
| Posted: Sat Oct 20, 2007 6:31 pm Post subject: |
|
|
It basically affects how easy an executing file can break out of it's alloted running area and start doing stuff to the rest of the system. Supposedly it works, if it's set up correctly, which some people claim it doable, yet I've seen it mess up Red Hat Enterprise system messed up on default installs because of selinux.
|
|
|
|
|
|
|
