Run check-selinux-installation to check that everything has been set up correctly and to catch common SELinux problems. (Note: in wheezy the warning about /etc/pam.d/login is a false positive.) You should now have a working SELinux system, which is in permissive mode. This means that the SELinux policy is not enforced, but denials are logged. You can see all would-be denials since the last reboot, with a small explanation for each, with audit2why -al. If no critical audit errors appear in your syslog and you feel comfortable with SELinux, enable enforcing mode temporarily by running setenforce 1, or permanently by adding enforcing=1 to the kernel command line in /etc/default/grub and then rebooting one last time. If you want to learn how to work with your newly configured SELinux system (relabelling files, moving files, checking the security context of files, etc.), the Fedora Project SELinux FAQ documentation by Red Hat may be useful.

First of all you must use a filesystem that supports SELinux. Currently this includes btrfs, ext2, ext3, ext4, jfs and xfs. For ext2/3/4 there is nothing special to be aware of, but for other filesystems there are still some quirks: Currently an autorelabel operation won't cover subvolumes on btrfs. You need to manually relabel the subvolume. Once it's labelled everything will work correctly. SquashFS supports xattr (which is required for SELinux file labeling) since kernel version 2.6.30.
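One way to condense the permissive-mode denials before switching to enforcing, as an added example that is not from the original page: it groups AVC denial records by source type, target type, class and permissions. The sample records are constructed and the function names are hypothetical; denials against unlabeled_t are listed separately because they point at files that were never labelled, such as a btrfs subvolume the autorelabel skipped.

```shell
#!/bin/sh
# Added example (not from the original page): summarise AVC denials logged
# in permissive mode. Function names are hypothetical.

# Constructed sample records in the usual AVC layout (not real logs).
sample_avc_log() {
cat <<'EOF'
type=AVC msg=audit(1700000000.101:210): avc:  denied  { read } for  pid=812 comm="nginx" name="index.html" dev="sda1" ino=1311 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1700000000.101:210): arch=c000003e syscall=2 success=yes exit=3 comm="nginx"
type=AVC msg=audit(1700000004.550:214): avc:  denied  { read } for  pid=813 comm="nginx" name="a.css" dev="sda1" ino=1312 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
type=AVC msg=audit(1700000009.002:220): avc:  denied  { read open } for  pid=640 comm="cron" path="/srv/data/jobs" dev="sdb1" ino=77 scontext=system_u:system_r:crond_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir permissive=1
EOF
}

# Print "count source_type target_type class perms", most frequent first.
# Reads the log files given as arguments, or stdin when there are none.
summarise_denials() {
    awk '
    /avc:/ && /denied/ {
        src = tgt = cls = perms = ""; inperm = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "{") { inperm = 1; continue }   # permission list opens
            if ($i == "}") { inperm = 0; continue }   # permission list closes
            if (inperm) { perms = perms (perms == "" ? "" : ",") $i; continue }
            if ($i ~ /^scontext=/) { split($i, c, ":"); src = c[3] }
            if ($i ~ /^tcontext=/) { split($i, c, ":"); tgt = c[3] }
            if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
        }
        n[src " " tgt " " cls " " perms]++
    }
    END { for (k in n) print n[k], k }
    ' "$@" | LC_ALL=C sort -k1,1nr -k2
}

# Denials whose target is unlabeled_t: the object carries no label, so a
# relabel (not a policy change) is the likely fix.
unlabeled_denials() {
    summarise_denials "$@" | awk '$3 == "unlabeled_t"'
}

sample_avc_log | summarise_denials
```

To run it against real data, pass the file your system logs AVC records to as an argument to summarise_denials instead of piping in the sample.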