Install/activate selinux on FC3 after upgrade

Alexander Dalloz ad+lists at uni-x.org
Wed Jun 29 23:03:29 UTC 2005


Am Do, den 30.06.2005 schrieb rengland at europa.com um 0:04:

> As I understand it, since I upgraded from FC2 to FC3 (as opposed to doing
> a fresh install), the selinux features were not installed/activated (?).

Correct. If SELinux was disabled on FC2 (which was default and should
have been this way as on FC2 SELinux wasn't usable - mentioned in the
SELinux FAQ) and will not be activated during an upgrade.

> Is there a source for information or even a HowTo available that will
> explain, step by step, what has to be done to bring the selinux features
> up on FC3 after and upgrade?  Are there RPMs that have to be added?  I
> know that selinux.conf needs to be defined but not what it needs to
> contain.

I don't know of such a detailed howto to explain the steps in detail.

$ rpm -qa | grep selinux

Run this to see that you have the policies (targeted and strict) and the
libselinux rpm installed.
I think you mean /etc/selinux/config and not selinux.conf. The file
exists and has presettings. How you adjust it depends on your wishes.
Following site is the SELinux FAQ for FC3:

http://fedora.redhat.com/docs/selinux-faq-fc3/

The first step should be

touch /.autorelabel
reboot

to have a fully labeled filesytem as a solid base for SELinux
operations.
It may be a good decision to start with permissive mode. This way you
have SELinux being active but it does not stop things from working, but
you get audit / avc messages by the syslog in /var/log/messages. Later,
after fixing serious issues (if there are some) you can set it to
enforcing.

> --Richard

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.35_FC2smp 
Serendipity 00:52:25 up 4 days, 7:44, load average: 0.37, 0.43, 0.30 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : http://lists.fedoraproject.org/pipermail/users/attachments/20050630/36757b7d/attachment-0002.bin 


More information about the users mailing list