Why is SElinux disabled?


Algenon
11th January 2005, 10:36 PM
As a recent convert to Linux and Fedora, I have upgraded my FC2 system to FC3 and it is running really well except for SElinux.

I thought that this security feature ran automatically in FC3, but in the system log I always get messages stating:

SELinux: Initializing.
SELinux: Starting in permissive mode
There is already a security framework initialized, register_security failed.
selinux_register_security: Registering secondary module capability

I have looked around the forums and can find posts with similar questions but no real solution.
When I type getenforce, it returns with Disabled, so I am assuming that SElinux is disabled, and this is done in the /etc/selinux/config file, which states:
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled

# SELINUXTYPE= can take one of these two values:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=strict

MY QUESTIONS ARE...
1. For desktop use, is it important to have SElinux running?
2. Is it easy to enforce the required policies?
3. Is there a way to prevent the system log error messages or don't they matter?

Any help would be appreciated.

Algenon.
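
As an added example (not written by any poster in this thread), a shell check that reads a file in the /etc/selinux/config format quoted in the post above and reports the mode and policy type it requests. The function names and exit codes are assumptions of this example; the accepted values are the ones the file's own comments list.

```shell
#!/bin/sh
# Added example: report what an /etc/selinux/config-style file requests.
# Function names and exit codes are hypothetical, chosen for this example.

# Print the value of the last uncommented KEY=value line in FILE.
selinux_cfg_get() {
    sed -n "s/^[[:space:]]*$1=\([^[:space:]#]*\).*/\1/p" "$2" | tail -n 1
}

# Return 0 if FILE requests enforcing, 1 if permissive or disabled,
# 2 if a setting is missing or is not a value the file documents.
selinux_cfg_check() {
    mode=$(selinux_cfg_get SELINUX "$1")
    type=$(selinux_cfg_get SELINUXTYPE "$1")
    case $type in
        targeted|strict) ;;
        *) echo "invalid SELINUXTYPE='$type'"; return 2 ;;
    esac
    case $mode in
        enforcing)  echo "enforcing, policy=$type"; return 0 ;;
        permissive) echo "permissive, policy=$type (denials logged, not blocked)"; return 1 ;;
        disabled)   echo "disabled, policy=$type is not loaded"; return 1 ;;
        *) echo "invalid SELINUX='$mode'"; return 2 ;;
    esac
}

# Constructed sample mirroring the settings quoted in the post above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# SELINUX= can take one of these three values:
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
SELINUXTYPE=strict
EOF
selinux_cfg_check "$sample" || echo "exit status $?"
rm -f "$sample"
```

Run selinux_cfg_check against /etc/selinux/config and compare the result with getenforce, which reports the state of the running kernel rather than the file.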

kosmosik
11th January 2005, 10:49 PM
1. For desktop use, is it important to have SElinux running?
not as much as on a server but it is a Good Thing to have - if it works then why not? problem is that SELinux is just beginning to gain adoption so it is not well tested. it produces some minor issues (they usually can be easily fixed - but you need to know the tools and methodology accompanying them...), I think two more releases of Fedora and we (community) will work out several default policies regarding server usage, desktop usage and so on - and it will work smoothly so really there will be no reason not to use it... but it requires a lot of testing (broken applications need to be fixed, defaults need to be).

2. Is it easy to enforce the required policies?
if you know the right tools and how to do it, it is not hard. it is not trivial either - you need to have some clue on how a *nix system works in general...

3. Is there a way to prevent the system log error messages or don't they matter?

I don't know... try Fedora SELinux FAQ - it has a lot of resources in this matter...
http://fedora.redhat.com/docs/selinux-faq-fc3/

and also this has some insight:
http://fedora.redhat.com/docs/selinux-apache-fc3/

Brian1
12th January 2005, 01:21 AM

When upgrading from FC2 to FC3 there is no option to turn on SELinux during the upgrade. It only comes up from a fresh install of FC3. Fedora had some bugs converting FC2 to use SELinux on the upgrade, so for now it is left out. You can turn it on in the Start Menu > System Settings > Security Level but it may require some tweaking. I don't recall where I saw it or where the fixes are. Do a search on the Net. If you have the option r*** something ( I don't recall the names there since I remove them from install ) and one called quiet on the kernel line in /boot/grub/grub.conf, remove them and it will show more info on boot. Also you can hit the ' e ' button and edit the line just for that boot. It does not do a permanent write. It defaults back to your default on the next reboot.

Brian1
" Google the Linux way @ http://www.google.com/linux "