On Fri, Dec 03, 2010 at 12:07:43PM -0800, solarflow99 wrote:
> On Fri, Dec 3, 2010 at 8:06 AM, <[email protected]> wrote:
> > Obviously a server is likely to have more than just an out of the box
> > configuration.
> >
> > But anyways... if i remember correctly, wasn't one of the changes in the
> > RHEL6 SELinux the ability to section off where SELinux is enforcing versus
> > not, so that it isn't an all or nothing thing?
>
> ya, I think it is unconfined_t. Fedora has had it for a long time
> now. I sure wouldn't want to turn selinux off on a production server.
>
No, I believe the change is that you now can put domains in permissive
mode. So it's no longer an all (SELINUX=enforcing) or nothing
(SELINUX=permissive) setting any more, but now you can put f.ex. the
webserver into permissive mode, without opening up everything.
http://lwn.net/Articles/303216/
-jf
_______________________________________________
rhelv6-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv6-list
