boolean secure_mode under Rhel7

Daniel J Walsh dwalsh at redhat.com
Mon Mar 2 20:51:02 UTC 2015


On 03/02/2015 09:09 AM, Tim.Einmahl at kba.de wrote:
> Hi,
>
> can anyone please tell me the exact meaning of the booleans
>
> secure_mode  (secure_mode_insmod  secure_mode_policyload)
>
> under RHEL7? "semanage boolean -l" is not very helpful and I can't find any documentation regarding the booleans, which is a bit disappointing as booleans play an important role in SELinux.
>
The goal of these three is to lock down the system in such a way that
you cannot change the SELinux settings on the box.  secure_mode should
prevent setenforce 0 and changing of booleans.  secure_mode_insmod
prevents loading of kernel modules.  secure_mode_policyload prevents
load_policy (replacing the policy in the kernel).

Unconfined mode makes these less useful.   So if you want to really play
with these you need to turn off the unconfined.pp and unconfineduser.pp
modules.
> Thanks in advance
>
> Regards
> Tim
>
> --
> selinux mailing list
> selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
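
A check for the lockdown state described in the reply above, as an added example that is not part of the original mail: it reports any of the three booleans that is not on and warns if the unconfined or unconfineduser module is still enabled. The function names and sample data are constructed for illustration; it assumes `getsebool -a` prints `name --> on|off` lines and that the module list carries the module name in the first field.

```shell
#!/bin/sh
# Added example: audit the three lockdown booleans and the unconfined modules.
# Sample data below is constructed, not captured from a real host.
SAMPLE_BOOLEANS='secure_mode --> on
secure_mode_insmod --> on
secure_mode_policyload --> off'
SAMPLE_MODULES='sshd
unconfined
unconfineduser'

# bool_state NAME: read "name --> on|off" lines on stdin, print the state
# of NAME, or "missing" if the boolean is not listed.
bool_state() {
    awk -v n="$1" '$1 == n && $2 == "-->" { print $3; found = 1 }
                   END { if (!found) print "missing" }'
}

# module_enabled NAME: succeed if NAME is the first field of a stdin line.
module_enabled() {
    awk -v m="$1" '$1 == m { hit = 1 } END { exit !hit }'
}

# audit_lockdown BOOLEANS MODULES: print one finding per line and return
# non-zero unless all three booleans are on and both modules are absent.
audit_lockdown() {
    findings=0
    for b in secure_mode secure_mode_insmod secure_mode_policyload; do
        state=$(printf '%s\n' "$1" | bool_state "$b")
        if [ "$state" != on ]; then
            echo "FAIL boolean $b is $state"
            findings=$((findings + 1))
        fi
    done
    for m in unconfined unconfineduser; do
        if printf '%s\n' "$2" | module_enabled "$m"; then
            echo "WARN module $m is enabled"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Run against the constructed sample; on a real host (as root) pass
# "$(getsebool -a)" and "$(semodule -l)" instead.
audit_lockdown "$SAMPLE_BOOLEANS" "$SAMPLE_MODULES" || echo "not locked down"
```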


