On Tuesday 05 February 2008, Erich Schubert wrote:
> Did you try strict or targeted mode?
> I figure Fedora by default uses targeted mode, so it might just be
> running leafnode in the unprotected targeted domain (unconfined_t)
> Last I heard, Fedora was using SELinux only to protect certain
> well-known services such as Bind, DHCP and such.
> (Which is good enough for most users, that's why targeted is the better
> default.)

I'm confused now. Aren't the modes only Enforcing and Permissive? On my Debian box, the strict and targeted keywords refer to the SELinux policies. And I'm using the targeted policy. And so is Fedora. Both have only the targeted policies, selinux-policy-refpolicy-targetted and selinux-policy-targeted respectively.

> You can check that by checking the output of "ps auxZ | grep
> leadnode" (or whatever the leafnode binary is called) while accessing
> leafnode.

Here's what ps says:
system_u:system_r:inetd_child_t:s0-s0:c0.c1023

> Also have a look at the output of "ls -Z" on the leafnode binaries,
> maybe Fedora is just applying the INN policy to leafnode.
> (The current upstream INN policy doesn't reference leafnode)

-rwxr-xr-x root root system_u:object_r:bin_t:s0

Ritesh
--
Ritesh Raj Sarraf
RESEARCHUT - http://www.researchut.com
"Necessity is the mother of invention."