Hi Folks,
Why does Fedora select SELINUXTYPE=target? SELinux offers options: # SELINUXTYPE= can take one of these values: # minimum - Minimum Security protection. # standard - Standard Security protection. # mls - Multi Level Security protection. # targeted - Targeted processes are protected. # mcs - Multi Category Security protection.
Thanks. ---henry
Henry Zhang wrote:
Why does Fedora select SELINUXTYPE=target?
As I remember it, when first tried, the strict policy was attempted. However, it blocked too much. Normal usages stopped working, and to explicitly allow them all would take too much. Instead, the targeted policy was chosen with the intention it should protect against the dangerous threats, while still allowing normal operation.
After installing selinux-policy-minimum, or selinux-policy-mls, SELINUXTYPE is used to select the policy to be used (the options for distribution policy are "targeted", "minimum" and "mls").
Vit
On 6/21/23 20:07, Henry Zhang wrote:
Hi Folks,
Why does Fedora select SELINUXTYPE=target? SELinux offers options: # SELINUXTYPE= can take one of these values: # minimum - Minimum Security protection. # standard - Standard Security protection. # mls - Multi Level Security protection. # targeted - Targeted processes are protected. # mcs - Multi Category Security protection.
Thanks. ---henry
selinux mailing list -- selinux@lists.fedoraproject.org To unsubscribe send an email to selinux-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/selinux@lists.fedoraproject.or... Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
selinux@lists.fedoraproject.org