SELinux and Fedora

[Linuxxx]

Hello

I'm just wondering why with my version of Fedora - 2.6.5-1.358 that when I type the command
$ id -Z
that I get this message

Sorry, --context ( -Z) can be used only on a selinux-enabled kernal.

If this is truly the case how do I enable SE in Fedora Core

Thank you
Scott

[tchung]

This is from FC2 Release Notes: (http://fedoranews.org/tchung/fc2-fin...-NOTES-en.html)

Fedora Core 2 includes an implementation of SELinux. SELinux represents a major shift in the way users, programs, and processes interact. By default, SELinux is installed — but disabled — in this release.

Note:
You can install Fedora Core 2 with SELinux enabled by entering selinux at the Boot: prompt when booting the Fedora Core installation program.

Should you decide to enable SELinux, it is strongly recommended that you read the Fedora Core SELinux FAQ:

http://people.redhat.com/kwade/fedor...elinux-faq-en/

(UPDATE)
Q:. How do I install SELinux on a running Fedora Core 2 that didn't have SELinux installed through Anaconda?
A:. Since SELinux is now part of the kernel, installation is straightforward. You are enabling systems already in place.

1. Install a policy and the policy utilities with with yum install policy policycoreutils.
2. Create or edit /etc/sysconfig/selinux and set SELINUX=permissive in it. The file should have the standard permissions set with chmod 644 /etc/sysconfig/selinux.
3. Relabel your file system with fixfiles relabel. This will take at least several minutes, as each file on the system is checked and labeled for the newly installed policy.
4. Reboot your system. Check /var/log/messages for avc: denied messages. You may need to relabel the files again now that you are running fully under an SELinux policy domain. Resolve any issues while still in permissive mode, and once you can boot without avc denials, set SELINUX=enforcing in /etc/sysconfig/selinux.

Q:. How do I turn enforcing on/off at boot?
A:. You can specify the SELinux mode using the configuration file /etc/sysconfig/selinux.

# This is a comment field in /etc/sysconfig/selinux
#
# Allowable values are:
# enforcing - enables enforcing mode
# permissive - enables permissive mode
# disabled - disables SELinux
SELINUX=<value>

Setting the value to enforcing is the same as adding enforcing=1 to your command line when booting the kernel to turn enforcing on, while setting the value to permissive is the same as adding enforcing=0 to turn enforcing off. Note that the command line kernel parameter overrides the configuration file.

In the kernel that shipped with Fedora Core 2, setting the value to disabled was not the same as the selinux=0 kernel boot parameter. However, updated kernels act exactly the same if you disable in run time or at boot -- SELinux hooks and pseudo file system are unregistered entirely.

Thomas