On 9/21/07, Beartooth <Beartooth@xxxxxxxx> wrote: > On Thu, 20 Sep 2007 23:49:41 -0400, David Boles wrote: > > [....] > > This way is, IMO, the crude way to do this. Turn SELinux off, if you > > chose to do so, in the SELinux configuration file. > > > > /etc/selinux/config > > > > change SELINUX=enforcing > > > > to SELINUX=disabled > > Here's an interesting discovery. On a machine where I haven't > touched selinux since installing F7, I get this : > > [root@localhost btth]# cat /etc/selinux/config > # This file controls the state of SELinux on the system. > # SELINUX= can take one of these three values: > # enforcing - SELinux security policy is enforced. > # permissive - SELinux prints warnings instead of enforcing. > # disabled - SELinux is fully disabled. > SELINUX=permissive > # SELINUXTYPE= type of policy in use. Possible values are: > # targeted - Only targeted network daemons are protected. > # strict - Full SELinux protection. > SELINUXTYPE=targeted > > # SETLOCALDEFS= Check local definition changes > SETLOCALDEFS=0 > [root@localhost btth]# > > Note that it says "targeted" -- typically, without giving me any > faintest hint at what. The same file on the machine I disabled selinux > from yesterday is the same except for "disabled" instead of "permissive." > > I *hope* targeted makes no difference so long as selinux is > disabled. But that doesn't tell me what is targeted on the other > machines, nor whether the default choices fit my kind of situation. (If > they do, I'll take it on faith that they're well chosen.) It is targeted at daemons for which rules have been explicitly written, and are available for on the machine. -- Fedora 7 : sipping some of that moonshine ( www.pembo13.com )
