Red Hat ENTERPRISE LINUX 5 - DEPLOYMENT Deployment Manual page 755

the wrong context. These processes could create files that would also be in the wrong
context.
Note
Additional white space at the end of a configuration line or as extra lines at the end of
the file may cause unexpected behavior. To be safe, remove unnecessary white space.
• SELINUXTYPE=targeted|strict — Specifies which policy SELinux should enforce.
• targeted — Only targeted network daemons are protected.
Important
The following daemons are protected in the default targeted policy: dhcpd, httpd
(apache.te), named, nscd, ntpd, portmap, snmpd, squid, and
syslogd. The rest of the system runs in the unconfined_t domain. This domain
allows subjects and objects with that security context to operate using standard Linux
security.
The policy files for these daemons are located in
/etc/selinux/targeted/src/policy/domains/program. These files are subject to change as
newer versions of Red Hat Enterprise Linux are released.
Policy enforcement for these daemons can be turned on or off, using Boolean values controlled
by the SELinux Administration Tool (system-config-selinux).
Setting a Boolean value for a targeted daemon to 0 (zero) disables policy transition for the
daemon. For example, you can set dhcpd_disable_trans to 0 to prevent init from
transitioning dhcpd from the unconfined_t domain to the domain specified in dhcpd.te.
Use the getsebool -a command to list all SELinux booleans. The following is an example of
using the setsebool command to set an SELinux boolean. The -P option makes the change
permanent. Without this option, the boolean would be reset to 1 at reboot.
setsebool -P dhcpd_disable_trans=0
• strict — Full SELinux protection, for all daemons. Security contexts are defined for all subjects
and objects, and every action is processed by the policy enforcement server.
• SETLOCALDEFS=0|1 — Controls how local definitions (users and booleans) are set. Set
this value to 1 to have these definitions controlled by load_policy from files in
/etc/selinux/<policyname>, or set it to 0 to have them controlled by semanage.
Caution
You should not change this value from the default (0) unless you are fully aware of the
impact of such a change.
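
A check for the rules above, added here as an example and not part of the Red Hat manual: the shell function below lints an SELinux configuration file for trailing white space, extra blank lines at the end of the file, an invalid SELINUXTYPE value, and a SETLOCALDEFS value other than the default. The function name lint_selinux_config and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the manual). lint_selinux_config is a hypothetical
# helper; it prints one finding per line and returns 1 if anything was found.
lint_selinux_config() {
    awk '
        function finding(n, msg) { printf "line %d: %s\n", n, msg; bad = 1 }
        /[^ \t]/    { last = NR }          # remember the last non-blank line
        /^[ \t]*#/  { next }               # comments are not settings
        /^[ \t]*$/  { next }               # blank lines are judged in END
        /[ \t]+$/   {                      # the Note: white space after a value
            finding(NR, "trailing white space at end of line")
            sub(/[ \t]+$/, "")             # strip it so the value checks still run
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            if (key == "SELINUXTYPE" && val != "targeted" && val != "strict")
                finding(NR, "SELINUXTYPE must be targeted or strict, got: " val)
            if (key == "SETLOCALDEFS") {
                if (val != "0" && val != "1")
                    finding(NR, "SETLOCALDEFS must be 0 or 1, got: " val)
                else if (val == "1")
                    finding(NR, "SETLOCALDEFS=1 departs from the default (0)")
            }
        }
        END {
            if (NR > last)
                finding(NR, "extra blank line(s) at end of file")
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample: trailing space on line 2, non-default SETLOCALDEFS on
# line 3, and a stray blank line at the end of the file.
sample=$(mktemp)
printf 'SELINUX=enforcing\nSELINUXTYPE=targeted \nSETLOCALDEFS=1\n\n' > "$sample"
lint_selinux_config "$sample" || echo "findings reported for $sample"
rm -f "$sample"
```

On a live system the file to check is /etc/selinux/config; the function only reads the file and changes nothing.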
Files Related to SELinux