------------------------------------------------------------------------
* /From/: Bob Gustafson <bobgus rcn com>
------------------------------------------------------------------------
[root hoho2 user1]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcinfg - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
#SELINUX=disabled
SELINUX=enforcing
SELINUXTYPE=strict
POLICYTYPE=strict
[root hoho2 user1]#
Then I changed the /etc/selinux/config to the version shown below and rebooted.
I got far less messages, and I was even able to go to root when clicking on
gnome applications that required higher priority (with above config
contents, whatever I typed was not enough, gnome kept coming back for more)
[root hoho2 user1]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcinfg - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
#SELINUX=disabled
SELINUX=enforcing
#SELINUXTYPE=strict
SELINUXTYPE=permissive
POLICYTYPE=strict
[root hoho2 user1]#
My assumption has been that the boot parameters override the contents of
the /etc/selinux/config file, and that the boot param 'enforcing=0' will
make the selinux a permissive one.
Have these assumptions changed?
Well, the names have changed a bit ;) POLICYTYPE is no longer
operative, so I think
you have booted up in 'targeted' mode, not strict. 'enforcing=0' still
works for me.
Here is what you need for strict:
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcinfg - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=strict
tom