On 03/02/2015 09:09 AM, Tim.Einmahl(a)kba.de wrote:
can anyone please tell me the exact meaning of the booleans
secure_mode (secure_mode_insmod secure_mode_policyload)
under RHEL7? "semanage boolean -l" is not very helpful and I can't find a
documentation regarding the booleans which is bit disappointing as booleans play an
important role in SELinux.
The goal of these three is to lock down the system in such a way that
you can not change the SELinux settings on the box. secure_mode, should
prevent setenforce 0, and changing of booleans. secure_mode_insmod,
prevents loading of kernel modules. secure_mode_policyload prevents
load_policy. (Replacing the policy in the kernel).
Unconfined mode makes these less useful. So if you want to really play
with these you need to turn off the unconfined.pp and unconfineduser.pp
Thanks in advance
selinux mailing list