The SELinux (Security Enhanced Linux) framework
is part of Fedora Core. SELinux limits the actions of both users and
programs by enforcing security policies throughout the operating
system. Without SELinux, software bugs or configuration changes may
render a system more vulnerable. The restrictions imposed by SELinux
policies provide extra security against unauthorized access.

Inflexible SELinux policies might inhibit many normal activities on
a Fedora system. For this reason, Fedora Core uses targeted policies,
which only affect specific network services. These services cannot
perform actions that are not part of their normal functions. The
targeted policies reduce or eliminate any inconvenience SELinux
might cause users.

Set the SELinux mode to one of the following:
- Enforcing
  Select this mode to use the targeted SELinux policy on your
  Fedora system. This is the default mode for Fedora
  installations.
- Permissive
  In this mode, the system is configured with SELinux, but a
  breach of security policies only causes an error message to
  appear. No activities are actually prohibited when SELinux is
  installed in this mode. You may change the SELinux mode to
  Enforcing at any time after booting.
- Disabled
  If you choose this mode for SELinux, Fedora does not configure
  the access control system at all. To make SELinux active
  later, select → → .

To adjust SELinux, choose Modify SELinux Policy. To exempt a key
service from SELinux restrictions, select the service from the list,
and choose the Disable SELinux protection option. The SELinux Service
Protection item on the list includes options to disable SELinux
restrictions on additional services.

Changing the SELinux policy
SELinux is unique in that it cannot be bypassed, even by the
system administrators. To change the behavior of SELinux after
installation, choose → → .

For more information about SELinux, refer to the SELinux FAQ at
https://fedora.redhat.com/docs/selinux-faq/.
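
To check after installation which of the three modes described above a system is configured for, the following added example (not part of the original guide) audits a configuration file against the installer default of Enforcing with the targeted policy. It assumes the file uses the SELINUX= and SELINUXTYPE= keys of /etc/selinux/config; the function names and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the installation guide.
# Assumption: FILE uses the SELINUX= and SELINUXTYPE= keys of
# /etc/selinux/config, each starting in column one.

# Print every distinct value assigned to KEY in FILE, lower-cased, one per line.
selinux_cfg_values() {
    sed -n "s/^$1=[[:space:]]*\([^[:space:]#]*\).*/\1/p" "$2" |
        tr '[:upper:]' '[:lower:]' | sort -u
}

# Print a one-line verdict for FILE.
# Returns 0 = enforcing + targeted, 1 = weaker than the default, 2 = disabled,
# 3 = missing, unknown or conflicting settings.
selinux_audit() {
    modes=$(selinux_cfg_values SELINUX "$1")
    ptype=$(selinux_cfg_values SELINUXTYPE "$1")
    if [ "$(printf '%s\n' "$modes" | wc -l)" -gt 1 ]; then
        echo "FAIL: conflicting SELINUX= lines"; return 3
    fi
    case "$modes" in
        enforcing)
            if [ "$ptype" = "targeted" ]; then
                echo "OK: enforcing, targeted policy"; return 0
            fi
            echo "WARN: enforcing, policy type is '${ptype:-unset}'"; return 1 ;;
        permissive)
            echo "WARN: permissive, violations are reported but not blocked"; return 1 ;;
        disabled)
            echo "FAIL: disabled, no access control configured"; return 2 ;;
        "")
            echo "FAIL: no usable SELINUX= value found"; return 3 ;;
        *)
            echo "FAIL: unrecognised mode '$modes'"; return 3 ;;
    esac
}

# Constructed sample: a file left in Permissive after troubleshooting.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# SELINUX= can take one of these three values: enforcing, permissive, disabled
SELINUX=Permissive
SELINUXTYPE=targeted
EOF
selinux_audit "$sample" || echo "audit exit status: $?"
rm -f "$sample"
```

On an installed system, run selinux_audit /etc/selinux/config and compare the verdict with the output of getenforce, which reports the mode currently in effect.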