On Wed, Nov 15, 2006 at 11:22:07AM +0200, Aladdin wrote: > > So if I'll not touch anything regarding selinux after my install - shall I > have disabled selinux? Right? > > In selinux config file I have the following entries (I didn't touch anything): > > # This file controls the state of SELinux on the system. > # SELINUX= can take one of these three values: > # enforcing - SELinux security policy is enforced. > # permissive - SELinux prints warnings instead of enforcing. > # disabled - No SELinux policy is loaded. > SELINUX=permissive > > As I can understand selinux is enabled? Or am I wrong? Because in logs I can > see the following messages: > > Nov 14 07:27:56 vega kernel: Security Framework v1.0.0 initialized > Nov 14 07:27:56 vega kernel: SELinux: Disabled at boot. > Nov 14 07:27:56 vega kernel: Capability LSM initialized > > I'm little confused here:( > > > Read the instructions: there is SELinux support in the base packages for > > those that need that functionality. SELinux is not enabled by default: > > you have to make changes manually after reboot to enable it. > > > > The extra overhead to allow for SELinux support in base packages like > > login is a few k in disk space: if you don't want to use SELinux after > > the first reboot, then don't enable it. > Hi Aladdin, there are 2 settings that affect you: the kernel command line option(selinux=) and the config file with the SELINUX= variable:
selinux| SELINUX | selinux status | result --------------------------------------------------------------------- missing| | selinux disabled | no effect 0 | | selinux disabled | no effect 1 |disabled | selinux disabled | no effect 1 |permissive| selinux enabled | no visible effect | but in debugging mode| except debugging messages 1 |enforcing | selinux enabled | increased security cheers, Kev -- | .''`. == Debian GNU/Linux == | my web site: | | : :' : The Universal | debian.home.pipeline.com | | `. `' Operating System | go to counter.li.org and | | `- http://www.debian.org/ | be counted! #238656 | | my keysever: pgp.mit.edu | my NPO: cfsg.org |
signature.asc
Description: Digital signature