NB PandE - Revision history http://www.selinuxproject.org/w/?title=NB_PandE&action=history Revision history for this page on the wiki en MediaWiki 1.10.4 Thu, 23 May 2013 11:28:23 GMT Jaxelson at 20:48, 13 September 2010 http://www.selinuxproject.org/w/?title=NB_PandE&diff=1033&oldid=prev <p></p> <table border='0' width='98%' cellpadding='0' cellspacing='4' style="background-color: white;"> <tr> <td colspan='2' width='50%' align='center' style="background-color: white;">←Older revision</td> <td colspan='2' width='50%' align='center' style="background-color: white;">Revision as of 20:48, 13 September 2010</td> </tr> <tr><td colspan="2" align="left"><strong>Line 34:</strong></td> <td colspan="2" align="left"><strong>Line 34:</strong></td></tr> <tr><td> </td><td style="background: #eee; font-size: smaller;">----</td><td> </td><td style="background: #eee; font-size: smaller;">----</td></tr> <tr><td> </td><td style="background: #eee; font-size: smaller;">&lt;references/&gt;</td><td> </td><td style="background: #eee; font-size: smaller;">&lt;references/&gt;</td></tr> <tr><td colspan="2">&nbsp;</td><td>+</td><td style="background: #cfc; font-size: smaller;"></td></tr> <tr><td colspan="2">&nbsp;</td><td>+</td><td style="background: #cfc; font-size: smaller;">[[Category:Notebook]]</td></tr> </table> Mon, 13 Sep 2010 20:48:42 GMT Jaxelson http://www.selinuxproject.org/page/Talk:NB_PandE RichardHaines: New page: = SELinux Permissive and Enforcing Modes = SELinux has three major modes of operation: : '''Enforcing''' - SELinux is enforcing the loaded policy. : '''Permissive''' - SELinux has loade... http://www.selinuxproject.org/w/?title=NB_PandE&diff=949&oldid=prev <p>New page: = SELinux Permissive and Enforcing Modes = SELinux has three major modes of operation: : '''Enforcing''' - SELinux is enforcing the loaded policy. : '''Permissive''' - SELinux has loade...</p> <p><b>New page</b></p><div>= SELinux Permissive and Enforcing Modes =<br /> SELinux has three major modes of operation:<br /> <br /> : '''Enforcing''' - SELinux is enforcing the loaded policy. <br /> <br /> : '''Permissive''' - SELinux has loaded the policy, however it is not enforcing the policy. This is generally used for testing as the audit log will contain the AVC denied messages as defined in the [[NB_AL | Audit Logs]] section. The SELinux utilities such as &lt;tt&gt;audit2allow(1)&lt;/tt&gt; and &lt;tt&gt;audit2why(8)&lt;/tt&gt; can then be used to determine the cause and possible resolution by generating the appropriate allow rules.<br /> <br /> : '''Disabled''' - The SELinux infrastructure (in the kernel) is not loaded.<br /> <br /> These flags are set in the &lt;tt&gt;/etc/selinux/config&lt;/tt&gt; file as described in the [[GlobalConfigurationFiles | Global Configuration Files]] section.<br /> <br /> There is another method for running specific domains in permissive mode using the &lt;tt&gt;permissive&lt;/tt&gt; statement. This can be used directly in a user written loadable module or &lt;tt&gt;semanage(8)&lt;/tt&gt; will generate the appropriate module and load it using the following example command:<br /> &lt;pre&gt;<br /> # This example will add a new module in <br /> # /etc/selinux/&lt;policy_name&gt; # /modules/active/modules/permissive_unconfined_t.pp<br /> # and then reload the policy: <br /> <br /> semanage permissive -a unconfined_t<br /> &lt;/pre&gt;<br /> <br /> The &lt;tt&gt;sestatus(8)&lt;/tt&gt; command will show the current policy mode in its output as follows:<br /> &lt;pre&gt;<br /> SELinux status: enabled<br /> SELinuxfs mount: /selinux<br /> Current mode: permissive<br /> Mode from config file: enforcing<br /> Policy version: 24<br /> Policy from config file: modular-test<br /> &lt;/pre&gt;<br /> <br /> <br /> <br /> <br /> ----<br /> &lt;references/&gt;</div> Sun, 16 May 2010 14:59:20 GMT RichardHaines http://www.selinuxproject.org/page/Talk:NB_PandE