Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Programming
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Databases
Mail Systems
openSolaris
Eclipse Documentation
Techotopia.com
Virtuatopia.com

How To Guides
Virtualization
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Windows
Problem Solutions
Privacy Policy

  




 

 


	    SELinux screen.

Figure 13.4. SELinux Screen

The SELinux (Security Enhanced Linux) framework is part of Fedora Core. SELinux limits the actions of both users and programs by enforcing security policies throughout the operating system. Without SELinux, software bugs or configuration changes may render a system more vulnerable. The restrictions imposed by SELinux policies provide extra security against unauthorized access.

Inflexible SELinux policies might inhibit many normal activities on a Fedora system. For this reason, Fedora Core uses targeted policies, which only affect specific network services. These services cannot perform actions that are not part of their normal functions. The targeted policies reduce or eliminate any inconvenience SELinux might cause users. Set the SELinux mode to one of the following:

Enforcing

Select this mode to use the targeted SELinux policy on your Fedora system. This is the default mode for Fedora installations.

Permissive

In this mode, the system is configured with SELinux, but a breach of security policies only causes an error message to appear. No activities are actually prohibited when SELinux is installed in this mode. You may change the SELinux mode to Enforcing at any time after booting.

Disabled

If you choose this mode for SELinux, Fedora does not configure the access control system at all. To make SELinux active later, select System -> Administration -> Security Level and Firewall .

To adjust SELinux, choose Modify SELinux Policy . To exempt a key service from SELinux restrictions, select the service from the list, and choose the Disable SELinux protection option. The SELinux Service Protection item on the list includes options to disable SELinux restrictions on additional services.

[Tip] Changing the SELinux policy

SELinux is unique in that it cannot be bypassed, even by the system administrators. To change the behavior of SELinux after installation, choose System -> Administration -> Security Level and Firewall .

For more information about SELinux, refer to the SELinux FAQ at https://fedora.redhat.com/docs/selinux-faq/.

 
 
  Published under the terms of the GNU General Public License Design by Interspire