How to make SELinux in Fedora work?

[Stephen Smalley]

On Wed, 2004-06-02 at 14:55, park lee wrote:
> [root at localhost RPMS]# yum install policy-sources
> Gathering header information file(s) from server(s)
> Server: Fedora Core 2 - i386 - Base
> retrygrab() failed for:
>  http://download.fedora.redhat.com/pub/fedora/linux/core/2/i386/os/headers/header
> .info
>   Executing failover method
> failover: out of servers to try
> Error getting file 
> http://download.fedora.redhat.com/pub/fedora/linux/core/2/i386/os/headers/header
> .info
> [Errno 4] IOError: <urlopen error >
>  I wonder what's wrong? and here can I use 'rpm -Uvh' to install the
> package instead of using 'yum install policy-sources'.

Add some mirrors to /etc/yum.conf; look at
http://fedora.redhat.com/download/mirrors.html and select several that
are near you.  For example, you might have:

[development]
name=Fedora Core $releasever - Development Tree
baseurl=http://download.fedora.redhat.com/pub/fedora/linux/core/development/$basearch/
        http://ftp.dulug.duke.edu/pub/fedora/linux/core/development/$basearch/
        ftp://ftp.dulug.duke.edu/pub/fedora/linux/core/development/$basearch/
        ftp://ftp.linux.ncsu.edu/pub/fedora/linux/core/development/$basearch/
        ftp://mirror.cs.princeton.edu/pub/mirrors/fedora/linux/core/development/$basearch/
        http://distro.ibiblio.org/pub/linux/distributions/fedora/linux/core/development/$basearch/

But replace the URLS with mirrors that are close to you.


> Then, my question is: "can we still run 'echo 1 > /selinux/enforce'
> program to switch into enforcing mode. and switch back to permissive
> mode with 'echo 0 > /selinux/enforce'.

Yes, setenforce is just a utility that does the same thing.  The
advantage of using setenforce rather than directly writing to
/selinux/enforce is that if we change the mount point for selinuxfs,
setenforce will automtically pick up the new location (via libselinux).

-- 
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency