Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hello to all the members. This is my first question. I have Fedora 10 running SELinux in enforcing mode. I have encountered a number of denials. I expected this. When I installed the system, I set SELinux to disabled to set the booleans I required. I then reset the mode to enforcing. My question is, should I add a module for each denial as I run into them or wait until I have multiple things to allow. TIA
As Red Hat was one of the first distributions to champion SE Linux and Fedora inherited RH's documentation standards, the docs that came with your installation, the Fedora website and Wiki should be your first port of call. Next up, since posting here, could be searching LQ for any threads containing the term "selinux" and "audit2allow". Not that suprisingly, this was asked before. Not that I don't know the answer, don't want to answer or put this as an RTFM-like response but you know the fish slash fishing rod thingie in terms of selfreliance and such, right?
As Red Hat was one of the first distributions to champion SE Linux and Fedora inherited RH's documentation standards, the docs that came with your installation, the Fedora website and Wiki should be your first port of call. Next up, since posting here, could be searching LQ for any threads containing the term "selinux" and "audit2allow". Not that suprisingly, this was asked before. Not that I don't know the answer, don't want to answer or put this as an RTFM-like response but you know the fish slash fishing rod thingie in terms of selfreliance and such, right?
Ok unSpawn, before I came here I Google'd the life out of my question. I searched this forum. I can get a million answers that tell me how to run audit2allow. I've read the docs for audit2allow, same thing. I know how to create the .te and .pp files. If there is a post here answers my question, I can't find it. If your fishing reference means Give a man a fish and he'll eat for a day. Teach a man to fish and he will eat for a lifetime. I know that one. As far as RTFM goes, I never ask questions without reading the manual.
As you understand what SE Linux governs and having weeded out most denials the default ways, sure, you could split them up and add a module fo each of them. OTOH, since it will be a local policy adjustment, but what's the benefit of having multiple modules? Usually it's not like you would manage SE Linux in a fine-grained way by regularly inserting, swapping or removing modules and wrt functionality it makes no difference: rules get loaded and that's about it.
As you understand what SE Linux governs and having weeded out most denials the default ways, sure, you could split them up and add a module fo each of them. OTOH, since it will be a local policy adjustment, but what's the benefit of having multiple modules? Usually it's not like you would manage SE Linux in a fine-grained way by regularly inserting, swapping or removing modules and wrt functionality it makes no difference: rules get loaded and that's about it.
Thanks for your answer. I was concerned that I would end up with multiple modules. I figured out where I went wrong now. Instead of disabling SELinux I should have set it to permissive. That way I would have avoided several restarts and could have just run semodule everytime I bumped into a denial until I was done setting everything up.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.