On Thu, Mar 01, 2007 at 05:50:49PM +0000, andy wrote:
<snip>
>
> Permissive mode means that it logs any action that would not be
> permitted under enforcing mode whereas in enforcing mode it would stop
> the action. Also, SELinux permissions are secondary to unix permissions.
> This means that if an action is not permitted by unix permissions, that
> will stop the action and SELinux will never note this. Targeted policy
> is the one chosen by Red Hat and Debian. It deals with protecting web
> interaction with the machine unlike strict mode that protects all
> actions. This means that it will monitor apache and network permission.
> Did you add an entry in /etc/fstab for the /selinux virtual filesystem?
> <snip>
> Thanks for the info, Kevin.
>
> No I haven't put anything in my fstab because I am not running samba or
> apache.
> Is it still worth doing even if I don't have those installed?
>

If you want to be able to experiment with your system and see what is
happening, you need a few things:
http://wiki.debian.org/SELinux/Setup?highlight=%28selinux%29
Look at #2 to see more info.

Here is a bit from http://fedoraproject.org/wiki/SELinux/Policies
...
After our experiences with the strict policy, we went back and reflected
on what our goals were. We wanted a system where the user was protected
from System applications that were listening on the network. These
applications were the doors and windows where the hackers would enter
the system. So we decided to target certain domains and lock them down,
while continuing to leave userspace to run in an unconfined nature.
Targeted policy was born. In Fedora Core 3 we targeted about 10 domains
for lock down and came up with a new domain called unconfined_t.
Processes within the domain of unconfined_t would have the same access
to the system as if SELinux was not enabled. We shipped this policy and
this was the basis for Red Hat Enterprise Linux 4. In Fedora Core 4 and
beyond we have continued to add new targets to the point where most of
system space has been locked down, but userspace is still running in the
unconfined_t domain.
...

--
|  .''`.  == Debian GNU/Linux ==    |       my web site:           |
| : :' :      The  Universal        |mysite.verizon.net/kevin.mark/|
| `. `'      Operating System       | go to counter.li.org and     |
|   `-    http://www.debian.org/    | be counted! #238656          |
|  my keyserver: subkeys.pgp.net    | my NPO: cfsg.org             |
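
An added example, not part of the original message: a POSIX shell check for the three things the thread discusses, namely whether the selinuxfs virtual filesystem is mounted, whether the system is permissive or enforcing, and which processes run outside unconfined_t. The function names and the sample data are assumptions made for this example; on a live system pass /proc/mounts, the enforce file under the selinuxfs mount point, and the output of `ps -eZ`.

```shell
#!/bin/sh
# Added example. File paths are arguments so the functions also work on
# saved copies of /proc/mounts and <selinuxfs>/enforce.

# Print the selinuxfs mount point from a /proc/mounts-style file.
# Exit status 1 if no selinuxfs entry exists.
selinuxfs_mountpoint() {
    awk '$3 == "selinuxfs" { print $2; found = 1; exit }
         END { exit !found }' "$1"
}

# Map the content of <selinuxfs>/enforce to a mode name.
# A missing file means SELinux is disabled or selinuxfs is not mounted.
selinux_mode() {
    [ -r "$1" ] || { echo disabled; return 0; }
    case "$(cat "$1")" in
        1) echo enforcing ;;
        0) echo permissive ;;
        *) echo unknown ;;
    esac
}

# Read `ps -eZ` output on stdin and print "PID COMMAND DOMAIN" for every
# process that is NOT in unconfined_t, i.e. the ones the policy confines.
confined_processes() {
    awk 'NR > 1 { split($1, ctx, ":")
                  if (ctx[3] != "unconfined_t") print $2, $NF, ctx[3] }'
}

# Constructed sample data (not captured from a real host).
SAMPLE_MOUNTS='proc /proc proc rw 0 0
none /selinux selinuxfs rw 0 0'
SAMPLE_PS='LABEL                            PID TTY      TIME CMD
system_u:system_r:httpd_t       2301 ?     00:00:01 apache2
system_u:system_r:unconfined_t  2410 ?     00:00:00 cron
user_u:system_r:unconfined_t    2502 pts/0 00:00:00 bash'

demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' "$SAMPLE_MOUNTS" > "$tmp/mounts"
    printf '0' > "$tmp/enforce"
    echo "selinuxfs at: $(selinuxfs_mountpoint "$tmp/mounts")"
    echo "mode: $(selinux_mode "$tmp/enforce")"
    printf '%s\n' "$SAMPLE_PS" | confined_processes
    rm -rf "$tmp"
}
demo
```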

