Alexander Dalloz wrote:
Am Do, den 30.06.2005 schrieb rengland@xxxxxxxxxx um 0:04:
As I understand it, since I upgraded from FC2 to FC3 (as opposed to doing
a fresh install), the selinux features were not installed/activated (?).
Correct. If SELinux was disabled on FC2 (which was default and should
have been this way as on FC2 SELinux wasn't usable - mentioned in the
SELinux FAQ) and will not be activated during an upgrade.
Is there a source for information or even a HowTo available that will
explain, step by step, what has to be done to bring the selinux features
up on FC3 after and upgrade? Are there RPMs that have to be added? I
know that selinux.conf needs to be defined but not what it needs to
contain.
I don't know of such a detailed howto to explain the steps in detail.
$ rpm -qa | grep selinux
Run this to see that you have the policies (targeted and strict) and the
libselinux rpm installed.
I think you mean /etc/selinux/config and not selinux.conf. The file
exists and has presettings. How you adjust it depends on your wishes.
Following site is the SELinux FAQ for FC3:
http://fedora.redhat.com/docs/selinux-faq-fc3/
The first step should be
touch /.autorelabel
reboot
to have a fully labeled filesytem as a solid base for SELinux
operations.
It may be a good decision to start with permissive mode. This way you
have SELinux being active but it does not stop things from working, but
you get audit / avc messages by the syslog in /var/log/messages. Later,
after fixing serious issues (if there are some) you can set it to
enforcing.
--Richard
Alexander
Thank you, Alexander. I'll give this a try.
------------------------------------------------------------------------
/--R/
