Linux-Tip.net - Trick: Tuning Your SELinux Policy with Audit2allow

Linux-Tip News

We are proud to present Linux-Tip Europe. This page is designed to provide the Linux users community (not only in Europe) with news and articles that are of interest to them. It works by allowing members of the community to submit news and articles relating to Linux hardware and software. This same community can then decide what tips should be promoted based on what they consider to be the most important or interesting to the community by voting stories up and down. Stories that receive enough votes are promoted to the Linux-Tip Europe homepage.

Home

Tips and Tricks

Linux Tricks

Trick: Tuning Your SELinux Policy with Audit2allow

Friday, 29 July 2005

Fedora Core 3 Linux has been shipping with Security Enhanced Linux (SELinux) enabled by default for about six months now. SELinux allows privileges to be separated much more finely than the typical approach of having users and groups and the all-powerful root "superuser". The default SELinux configuration is fine for some uses, but the SELinux configuration files make sendmail.cf look easy. In this article, I will show you step-by-step how to tune your SELinux policy to your specific needs using the audit2allow tool.
SELinux is a kernel patch (which was merged into the main kernel.org kernel in the 2.6.0-test series) that provides the hooks needed to detect, log, and enforce Mandatory Access Controls on processes. The rules that control what is allowed and disallowed constitute a "policy". This policy includes rules specifying which things are managed under the SELinux framework.

Read more at SysAdmin

< Prev		Next >

[ Back ]

My laptop display resolution wasn't configured by default, so I had to edit the xorg.conf file and correctly specify the 1920x1200 resolution at all color depths. Plus, Slackware doesn't come with binary driver support for ATI or nVidia graphics cards but you can easily add them by downloading the latest version and following the install directions for whichever card you have. The Open Addict DELL XPS M170 test laptop comes with a nVidia card, so I grabbed the latest drivers from nvidia.com and installed from that point. No big deal there. [Open Addict]

The information contained in this webpage is provided 'as is' without warranty of any kind.

The entire risk as to the results and the performance of the information is assumed by the user, and in no event shall Linux-Tip be liable for any

consequential, incidental or direct damages suffered in the course of using the information in this articles. Use of the information contained in this

material are governed by their respective license agreements and may contain restrictions on use.

Linux is a registered trademark of Linus Torvalds.
All trademarks here are property of their respective owners.
Articles are owned by their authors. The rest is © 2000-2010, Frank Neugebauer.

Linux-Tip News

Bookmark this article

Main Menu

Virus Info Feed

Alexa Traffic Stats