SELinux should be off by default in FC3

Stephen Smalley sds at epoch.ncsc.mil
Thu Oct 7 14:23:21 UTC 2004


On Thu, 2004-10-07 at 10:01, Kenneth Porter wrote:
> Also, does find have facilities to match security contexts? It's a common 
> tool for finding violations of other policies, like rogue suid binaries.

find /etc -context system_u:object_r:shadow_t -print
find /etc -printf "%p %Z\n"

But a better tool for this purpose is likely setfiles, e.g.:
/usr/sbin/setfiles -qnv /etc/selinux/targeted/contexts/files/file_contexts /etc

/sbin/fixfiles check is similar, but seems to only log to a file
(fixfiles is a script written by Red Hat that calls setfiles internally).

-- 
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
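
The following is an added example, not part of the original message: it audits captured `find -printf "%p %Z\n"` output against a table of expected types and reports files whose label differs, which is the kind of check the question asks about. The function name audit_contexts, the "<type> <path>" table format and the sample data are assumptions constructed for illustration; this is not how setfiles matches file_contexts.

```sh
#!/bin/sh
# Added example: compare SELinux types seen by find with an expected table.
#   $1 = expected table, one "<type> <path>" per line (hypothetical format)
#   $2 = saved output of: find DIR -printf "%p %Z\n"
# Prints "<path>: have <type>, want <type>" for every mismatch.
audit_contexts() {
    awk '
        NR == FNR {                       # first file: expected table
            want_type = $1
            sub(/^[^ ]+ /, "")            # remainder is the path, spaces kept
            want[$0] = want_type
            next
        }
        {
            ctx = $NF                     # the context is always the last field
            path = $0
            sub(/ [^ ]+$/, "", path)      # drop it, so paths may contain spaces
            n = split(ctx, part, ":")     # user:role:type, optionally :level
            have = (n >= 3) ? part[3] : ctx
            if ((path in want) && want[path] != have)
                printf "%s: have %s, want %s\n", path, have, want[path]
        }
    ' "$1" "$2"
}

# Constructed sample: /etc/shadow carries etc_t instead of shadow_t; the other
# two entries are labelled as expected (one has a space and an MLS level).
demo() {
    dir=$(mktemp -d)
    printf '%s\n' \
        'shadow_t /etc/shadow' \
        'etc_t /etc/passwd' \
        'etc_t /etc/my app.conf' > "$dir/expected"
    printf '%s\n' \
        '/etc/shadow system_u:object_r:etc_t' \
        '/etc/passwd system_u:object_r:etc_t' \
        '/etc/my app.conf system_u:object_r:etc_t:s0' > "$dir/found"
    audit_contexts "$dir/expected" "$dir/found"
    rm -rf "$dir"
}

demo
```

Only paths listed in the expected table are checked; anything else in the find output is ignored.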
