PDA

View Full Version : Selinux Manager



griffinmt
28th September 2012, 07:26 PM
Tyring out F18 alpha, generally ok so far. But what is the name of the management tool to install via yum? I need to turn off (and on) selinux while testing some stuff. :confused:

stevea
28th September 2012, 08:25 PM
setenforce [ Enforcing | Permissive | 1 | 0 ]
should be installed already.

billybob linux
28th September 2012, 08:53 PM
I have been doing that this evening (trying out F18 Alpha). I had been reading the Dan Walsh Blog today and there was mention of changes in SELinux in F18 . I downloaded the iso and gave the live cd a shot and I then decided to accept my fate :) and install to hard drive.

I then attempted to download the updates (as I do after a fresh install ) but SELinux warned me that there were too many packages to unwrap, or something similar. I am no expert on this, but I thought that perhaps SELinux has a limit set for that and my work around was to download the updates in small chunks at a time and this did work, after some time I selected all packages and everything went smoothly.

Again I am not an expert here but as far as I am aware SELinux attaches labels to files so if you switch it on and off after changing files this may cause a problem, someone correct me if I am wrong.

To access the yum installer , go to main menu, system tools, and yum extender. Hope this helps you in some way :)

secipolla
29th September 2012, 01:57 AM
You can set enforcing to off (i.e set it to 'permissive'). If you disable selinux altogether then when you enable it it has to relabel the filesystem.

griffinmt
29th September 2012, 05:38 PM
I understand the implications (I think ) of disabling/enabling.
But in previous releases, there was a gui app that, among other things, would do this for you. No I cannot find it!

TIA

secipolla
29th September 2012, 07:32 PM
I think in F17 it's called policycoreutils-gui

griffinmt
30th September 2012, 06:34 AM
Thanks, that did the trick.

A name like selinux-manager would have made more sense :dance:

secipolla
30th September 2012, 12:34 PM
But you have to have a reasonably powerful machine if you start messing with the policy rules.
Every time you check or uncheck one of those boxes, AFAIK all policy is recompiled.