[Fedora] Re: SELinux Attack!

Ashley M. Kirchner ashley at pcraft.com
Fri Oct 12 18:28:38 UTC 2007


Karl Larsen wrote:
> Well it has been SELINUX=disabled for quite a while after I had the 
> problem, but when I read dmesg after reboot I still see 
> SELINUX=passive. So there is something not right yet.

    Do yourself a favor and scan for ALL SELinux messages in dmesg, not 
just the first occurrence you see:

    This is what it says on a server where I have it disabled:

    :~> grep SELinux /var/log/dmesg
    SELinux:  Initializing.
    SELinux:  Starting in permissive mode
    SELinux:  Registering netfilter hooks
    SELinux:  Disabled at runtime.
    SELinux:  Unregistering netfilter hooks

    As you can see, yes SELinux does come up active, but then gets 
disabled further down into the boot sequence.




More information about the users mailing list