Am Do, den 30.06.2005 schrieb rengland@xxxxxxxxxx um 0:04: > As I understand it, since I upgraded from FC2 to FC3 (as opposed to doing > a fresh install), the selinux features were not installed/activated (?). Correct. If SELinux was disabled on FC2 (which was default and should have been this way as on FC2 SELinux wasn't usable - mentioned in the SELinux FAQ) and will not be activated during an upgrade. > Is there a source for information or even a HowTo available that will > explain, step by step, what has to be done to bring the selinux features > up on FC3 after and upgrade? Are there RPMs that have to be added? I > know that selinux.conf needs to be defined but not what it needs to > contain. I don't know of such a detailed howto to explain the steps in detail. $ rpm -qa | grep selinux Run this to see that you have the policies (targeted and strict) and the libselinux rpm installed. I think you mean /etc/selinux/config and not selinux.conf. The file exists and has presettings. How you adjust it depends on your wishes. Following site is the SELinux FAQ for FC3: http://fedora.redhat.com/docs/selinux-faq-fc3/ The first step should be touch /.autorelabel reboot to have a fully labeled filesytem as a solid base for SELinux operations. It may be a good decision to start with permissive mode. This way you have SELinux being active but it does not stop things from working, but you get audit / avc messages by the syslog in /var/log/messages. Later, after fixing serious issues (if there are some) you can set it to enforcing. > --Richard Alexander -- Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773 legal statement: http://www.uni-x.org/legal.html Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.35_FC2smp Serendipity 00:52:25 up 4 days, 7:44, load average: 0.37, 0.43, 0.30
Attachment:
signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil
