The
SELinux (Security Enhanced
Linux) framework is part of Fedora Core. SELinux limits the actions of both
users and programs by enforcing security policies throughout the
operating system. Without SELinux, software bugs or configuration
changes may render a system more vulnerable. The restrictions
imposed by SELinux policies provide extra security against
unauthorized access.
Inflexible SELinux policies might inhibit many normal activities on
a Fedora system. For this reason, Fedora Core uses targeted policies,
which only affect specific network services. These services
cannot perform actions that are not part of their normal
functions. The targeted policies reduce or eliminate any
inconvenience SELinux might cause users. Set the SELinux mode to one
of the following:
- Active
Select this mode to use the targeted SELinux policy on your
Fedora system. This is the default mode for Fedora
installations.
- Warn
Because SELinux is a new technology, this diagnostic mode is
provided. In this mode, the system is configured with
SELinux, but a breach of security policies only causes an
error message to appear. No activities are actually
prohibited when SELinux is installed in this mode. You may
change the SELinux mode to Active at any
time after booting.
- Disabled
If you choose this mode for SELinux, Fedora does not configure
the access control system at all. To make SELinux active
later, from the main menu, select
->->.
| Changing the SELinux policy |
---|
SELinux is unique in that it cannot be bypassed, even by the
system administrators. To change the behavior of SELinux after
installation, from the main menu, choose ->->.
|
|