On Wed, Nov 15, 2006 at 11:22:07AM +0200, Aladdin wrote:
>
> So if I'll not touch anything regarding selinux after my install - shall I have disabled selinux? Right?
>
> In selinux config file I have the following entries (I didn't touch anything):
>
> # This file controls the state of SELinux on the system.
> # SELINUX= can take one of these three values:
> # enforcing - SELinux security policy is enforced.
> # permissive - SELinux prints warnings instead of enforcing.
> # disabled - No SELinux policy is loaded.
> SELINUX=permissive
>
> As I can understand selinux is enabled? Or am I wrong? Because in logs I can see the following messages:
>
> Nov 14 07:27:56 vega kernel: Security Framework v1.0.0 initialized
> Nov 14 07:27:56 vega kernel: SELinux: Disabled at boot.
> Nov 14 07:27:56 vega kernel: Capability LSM initialized
>
> I'm a little confused here :(
>
> > Read the instructions: there is SELinux support in the base packages for
> > those that need that functionality. SELinux is not enabled by default:
> > you have to make changes manually after reboot to enable it.
> >
> > The extra overhead to allow for SELinux support in base packages like
> > login is a few k in disk space: if you don't want to use SELinux after
> > the first reboot, then don't enable it.
>
Hi Aladdin,

There are 2 settings that affect you: the kernel command line
option (selinux=) and the config file with the SELINUX= variable:

selinux | SELINUX    | selinux status        | result
---------------------------------------------------------------------------
missing |            | selinux disabled      | no effect
0       |            | selinux disabled      | no effect
1       | disabled   | selinux disabled      | no effect
1       | permissive | selinux enabled       | no visible effect
        |            | but in debugging mode | except debugging messages
1       | enforcing  | selinux enabled       | increased security

cheers,
Kev
--
| .''`. == Debian GNU/Linux == | my web site: |
| : :' : The Universal | debian.home.pipeline.com |
| `. `' Operating System | go to counter.li.org and |
| `- http://www.debian.org/ | be counted! #238656 |
| my keyserver: pgp.mit.edu | my NPO: cfsg.org |
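
Added example, not part of the original messages: a shell check that combines the kernel command line and the SELinux config file into the effective state, following the table in the reply above. The function names and the sample command line are constructed for illustration; treating an unrecognised or absent SELINUX= value as disabled is an assumption the table does not cover.

```shell
#!/bin/sh
# Effective SELinux state from the two settings in the table above.

# Print the value of the last selinux= token on a kernel command line,
# or nothing when the option is missing.
cmdline_selinux() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n 's/^selinux=//p' | tail -n 1
}

# Print the SELINUX= value from config file text. Comment lines such as
# "# SELINUX= can take one of these three values:" and the separate
# SELINUXTYPE= key do not match.
config_selinux() {
    printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' |
        tail -n 1
}

# selinux_effective CMDLINE CONFIG_TEXT -> disabled | permissive | enforcing
selinux_effective() {
    boot=$(cmdline_selinux "$1")
    mode=$(config_selinux "$2")
    # Table rows "missing" and "0": SELinux is off at boot, so the config
    # file has no effect (the "SELinux: Disabled at boot." log line).
    if [ "$boot" != "1" ]; then
        echo disabled
        return 0
    fi
    case "$mode" in
        enforcing|permissive) echo "$mode" ;;
        *) echo disabled ;;   # assumption: anything else counts as disabled
    esac
}

# Constructed sample input mirroring the question: the config file says
# permissive, but the command line carries no selinux= option.
SAMPLE_CMDLINE='root=/dev/hda1 ro'
SAMPLE_CONFIG='# SELINUX= can take one of these three values:
SELINUX=permissive'

echo "without selinux=1: $(selinux_effective "$SAMPLE_CMDLINE" "$SAMPLE_CONFIG")"
echo "with selinux=1:    $(selinux_effective "$SAMPLE_CMDLINE selinux=1" "$SAMPLE_CONFIG")"
```

On a live system the two inputs would come from /proc/cmdline and the SELinux config file instead of the constructed samples.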