FC2: Audit errors on /var/log/messages (SELinux (?) newbie)

Jan Houtsma list at houtsma.net
Mon May 24 20:27:17 UTC 2004


Rami Saarinen schreef:

>>>Oh, just as I had posted this message I found the "Fedora Core 2 test2
>>>SELinux FAQ" at
>>>      
>>>
>http://mindstorm.ath.cx:8080/fedora-docs/selinux-faq-en/
>  
>
>>>That clears out many questions, but does anyone have any good reasons
>>>      
>>>
>why
>  
>
>>>I should have SELinux turned on? The machine is connected to the
>>>      
>>>
>internet
>  
>
>>>just few hours a day and I have all the services off on the 
>>>system-config-securitylevel. 
>>>
>>>I suppose SELinux provides the ACL mechanism, but I'm not sure I need
>>>      
>>>
>it
>  
>
>>>.. afterall it may be a bit overkill for two-user computer. ;)
>>>
>>>      
>>>
>
>  
>
>>If you need to disable SELinux , simply edit /etc/sysconfig/selinux and
>>change SELINUX=enforcing (or permissive) to SELINUX=disabled . On older
>>kernel versions , you had to add a option during boot , but it has been
>>disabled.
>>Also , ACL is not related to SELinux. You can disable SELinux without
>>any fear of problems...
>>    
>>
>
>
>Thanks Pedro for help. Unfortunately /etc/sysconfig/selinux is missing. Oh
>well, I'll figure out something (like adding the selinux in
>etc/sysconfig).
>  
>

Yes, i noticed that as well. I have two servers. One new install and one 
upgraded machine.
On the fresh install that file is there. But it's not owned by any package!

# rpm -qf /etc/sysconfig/selinux
file /etc/sysconfig/selinux is not owned by any package

On another server which was an upgrade from core 1 that file is 
missing....... as well as other stuff related to
selinux (like for example policy-1.11.3-3 and policycoreutils-1.11-2).

Apparently upgrading is *not* full proof (i was missing several other 
things as well)!

Jan








More information about the users mailing list