annakamilla
(usa Manjaro Linux)
Enviado em 30/09/2012 - 22:49h
ferrarini escreveu:
annakamilla escreveu:
estranho veja:
[root@PC01PRINCIPAL m]# man selinux
selinux(8) SELinux Command Line documentation selinux(8)
NAME
selinux - NSA Security-Enhanced Linux (SELinux)
DESCRIPTION
NSA Security-Enhanced Linux (SELinux) is an implementation of a flexi‐
ble mandatory access control architecture in the Linux operating sys‐
tem. The SELinux architecture provides general support for the
enforcement of many kinds of mandatory access control policies, includ‐
ing those based on the concepts of Type Enforcement®, Role- Based
Access Control, and Multi-Level Security. Background information and
technical documentation about SELinux can be found at
http://www.nsa.gov/selinux.
The /etc/selinux/config configuration file controls whether SELinux is
enabled or disabled, and if enabled, whether SELinux operates in per‐
missive mode or enforcing mode. The SELINUX variable may be set to any
one of disabled, permissive, or enforcing to select one of these
options. The disabled option completely disables the SELinux kernel
and application code, leaving the system running without any SELinux
protection. The permissive option enables the SELinux code, but causes
it to operate in a mode where accesses that would be denied by policy
FILE LABELING
All files, directories, devices ... have a security context/label asso‐
ciated with them. These context are stored in the extended attributes
of the file system. Problems with SELinux often arise from the file
system being mislabeled. This can be caused by booting the machine with
a non selinux kernel. If you see an error message containing file_t,
that is usually a good indicator that you have a serious problem with
file system labeling.
The /etc/selinux/config configuration file also controls what policy is
active on the system. SELinux allows for multiple policies to be
installed on the system, but only one policy may be active at any given
time. At present, two kinds of SELinux policy exist: targeted and
strict. The targeted policy is designed as a policy where most pro‐
cesses operate without restrictions, and only specific services are
placed into distinct security domains that are confined by the policy.
For example, the user would run in a completely unconfined domain while
the named daemon or apache daemon would run in a specific domain tai‐
lored to its operation. The strict policy is designed as a policy
where all processes are partitioned into fine-grained security domains
and confined by policy. It is anticipated in the future that other
policies will be created (Multi-Level Security for example). You can
define which policy you will run by setting the SELINUXTYPE environment
variable within /etc/selinux/config. The corresponding policy configu‐
ration for each such policy must be installed in the
/etc/selinux/SELINUXTYPE/ directories.
The best way to relabel the file system is to create the flag file
/.autorelabel and reboot. system-config-securitylevel, also has this
capability. The restorcon/fixfiles commands are also available for
relabeling files.
THOR
This manual page was written by Dan Walsh <dwalsh@redhat.com>.
SEE ALSO
booleans(8), setsebool(8), selinuxenabled(8), togglesebool(8), restore‐
con(8), setfiles(8), ftpd_selinux(8), named_selinux(8),
rsync_selinux(8), httpd_selinux(8), nfs_selinux(8), samba_selinux(8),
kerberos_selinux(8), nis_selinux(8), ypbind_selinux(8)
FILES
/etc/selinux/config
locate selinux
mas você digitou man selinux ou locate selinux? pq se foi isso era para retornar isso, por exemplo:
/usr/include/linux/selinux_netlink.h
/usr/include/xcb/xselinux.h
/usr/share/x11-server-source/Xext/xselinux.h
/usr/share/x11-server-source/Xext/xselinux_ext.c
/usr/share/x11-server-source/Xext/xselinux_hooks.c
/usr/share/x11-server-source/Xext/xselinux_label.c
/usr/share/x11-server-source/Xext/xselinuxint.h
/usr/share/xcb/xselinux.xml
/usr/src/linux-2.6.38.4-17mnb2/include/linux/selinux.h
/usr/src/linux-2.6.38.4-17mnb2/include/linux/selinux_netlink.h
/usr/src/linux-2.6.38.4-17mnb2/scripts/selinux
/usr/src/linux-2.6.38.4-17mnb2/scripts/selinux/Makefile
/usr/src/linux-2.6.38.4-17mnb2/scripts/selinux/README
/usr/src/linux-2.6.38.4-17mnb2/scripts/selinux/genheaders
/usr/src/linux-2.6.38.4-17mnb2/scripts/selinux/install_policy.sh
/usr/src/linux-2.6.38.4-17mnb2/scripts/selinux/mdp
/usr/src/linux-2.6.38.4-17mnb2/scripts/selinux/genheaders/.gitignore
/usr/src/linux-2.6.38.4-17mnb2/scripts/selinux/genheaders/Makefile
/usr/src/linux-2.6.38.4-17mnb2/scripts/selinux/genheaders/genheaders.c
/usr/src/linux-2.6.38.4-17mnb2/scripts/selinux/mdp/.gitignore
/usr/src/linux-2.6.38.4-17mnb2/scripts/selinux/mdp/Makefile
/usr/src/linux-2.6.38.4-17mnb2/scripts/selinux/mdp/dbus_contexts
/usr/src/linux-2.6.38.4-17mnb2/scripts/selinux/mdp/mdp.c
/usr/src/linux-2.6.38.4-17mnb2/security/selinux
/usr/src/linux-2.6.38.4-17mnb2/security/selinux/.gitignore
/usr/src/linux-2.6.38.4-17mnb2/security/selinux/Kconfig
/usr/src/linux-2.6.38.4-17mnb2/security/selinux/Makefile
/usr/src/linux-2.6.38.4-17mnb2/security/selinux/avc.c
/usr/src/linux-2.6.38.4-17mnb2/security/selinux/exports.c
/usr/src/linux-2.6.38.4-17mnb2/security/selinux/hooks.c
/usr/src/linux-2.6.38.4-17mnb2/security/selinux/include
/usr/src/linux-2.6.38.4-17mnb2/security/selinux/netif.c
/usr/src/linux-2.6.38.4-17mnb2/security/selinux/netlabel.c
/usr/src/linux-2.6.38.4-17mnb2/security/selinux/netlink.c
/usr/src/linux-2.6.38.4-17mnb2/security/selinux/netnode.c
/usr/src/linux-2.6.38.4-17mnb2/security/selinux/netport.c
/usr/src/linux-2.6.38.4-17mnb2/security/selinux/nlmsgtab.c
/usr/src/linux-2.6.38.4-17mnb2/security/selinux/selinuxfs.c
/usr/src/linux-2.6.38.4-17mnb2/security/selinux/ss
/usr/src/linux-2.6.38.4-17mnb2/security/selinux/xfrm.c
/usr/src/linux-2.6.38.4-17mnb2/security/selinux/include/audit.h
/usr/src/linux-2.6.38.4-17mnb2/security/selinux/include/avc.h
/usr/src/linux-2.6.38.4-17mnb2/security/selinux/include/avc_ss.h
/usr/src/linux-2.6.38.4-17mnb2/security/selinux/include/classmap.h
/usr/src/linux-2.6.38.4-17mnb2/security/selinux/include/conditional.h
/usr/src/linux-2.6.38.4-17mnb2/security/selinux/include/initial_sid_to_string.h
/usr/src/linux-2.6.38.4-17mnb2/security/selinux/include/netif.h
/usr/src/linux-2.6.38.4-17mnb2/security/selinux/include/netlabel.h
/usr/src/linux-2.6.38.4-17mnb2/security/selinux/include/netnode.h
/usr/src/linux-2.6.38.4-17mnb2/security/selinux/include/netport.h
/usr/src/linux-2.6.38.4-17mnb2/security/selinux/include/objsec.h
/usr/src/linux-2.6.38.4-17mnb2/security/selinux/include/security.h
/usr/src/linux-2.6.38.4-17mnb2/security/selinux/include/xfrm.h
/usr/src/linux-2.6.38.4-17mnb2/security/selinux/ss/avtab.c
/usr/src/linux-2.6.38.4-17mnb2/security/selinux/ss/avtab.h
/usr/src/linux-2.6.38.4-17mnb2/security/selinux/ss/conditional.c
/usr/src/linux-2.6.38.4-17mnb2/security/selinux/ss/conditional.h
/usr/src/linux-2.6.38.4-17mnb2/security/selinux/ss/constraint.h
/usr/src/linux-2.6.38.4-17mnb2/security/selinux/ss/context.h
/usr/src/linux-2.6.38.4-17mnb2/security/selinux/ss/ebitmap.c
/usr/src/linux-2.6.38.4-17mnb2/security/selinux/ss/ebitmap.h
/usr/src/linux-2.6.38.4-17mnb2/security/selinux/ss/hashtab.c
/usr/src/linux-2.6.38.4-17mnb2/security/selinux/ss/hashtab.h
/usr/src/linux-2.6.38.4-17mnb2/security/selinux/ss/mls.c
/usr/src/linux-2.6.38.4-17mnb2/security/selinux/ss/mls.h
/usr/src/linux-2.6.38.4-17mnb2/security/selinux/ss/mls_types.h
/usr/src/linux-2.6.38.4-17mnb2/security/selinux/ss/policydb.c
/usr/src/linux-2.6.38.4-17mnb2/security/selinux/ss/policydb.h
/usr/src/linux-2.6.38.4-17mnb2/security/selinux/ss/services.c
/usr/src/linux-2.6.38.4-17mnb2/security/selinux/ss/services.h
/usr/src/linux-2.6.38.4-17mnb2/security/selinux/ss/sidtab.c
/usr/src/linux-2.6.38.4-17mnb2/security/selinux/ss/sidtab.h
/usr/src/linux-2.6.38.4-17mnb2/security/selinux/ss/status.c
/usr/src/linux-2.6.38.4-17mnb2/security/selinux/ss/symtab.c
/usr/src/linux-2.6.38.4-17mnb2/security/selinux/ss/symtab.h
/usr/src/linux-2.6.38.4-desktop-17mnb2/include/linux/selinux.h
/usr/src/linux-2.6.38.4-desktop-17mnb2/include/linux/selinux_netlink.h
/usr/src/linux-2.6.38.4-desktop-17mnb2/scripts/selinux
/usr/src/linux-2.6.38.4-desktop-17mnb2/scripts/selinux/Makefile
/usr/src/linux-2.6.38.4-desktop-17mnb2/scripts/selinux/README
/usr/src/linux-2.6.38.4-desktop-17mnb2/scripts/selinux/genheaders
/usr/src/linux-2.6.38.4-desktop-17mnb2/scripts/selinux/install_policy.sh
/usr/src/linux-2.6.38.4-desktop-17mnb2/scripts/selinux/mdp
/usr/src/linux-2.6.38.4-desktop-17mnb2/scripts/selinux/genheaders/.gitignore
/usr/src/linux-2.6.38.4-desktop-17mnb2/scripts/selinux/genheaders/Makefile
/usr/src/linux-2.6.38.4-desktop-17mnb2/scripts/selinux/genheaders/genheaders.c
/usr/src/linux-2.6.38.4-desktop-17mnb2/scripts/selinux/mdp/.gitignore
/usr/src/linux-2.6.38.4-desktop-17mnb2/scripts/selinux/mdp/Makefile
/usr/src/linux-2.6.38.4-desktop-17mnb2/scripts/selinux/mdp/dbus_contexts
/usr/src/linux-2.6.38.4-desktop-17mnb2/scripts/selinux/mdp/mdp.c
/usr/src/linux-2.6.38.4-desktop-17mnb2/security/selinux
/usr/src/linux-2.6.38.4-desktop-17mnb2/security/selinux/Kconfig
/usr/src/linux-2.6.38.4-desktop-17mnb2/security/selinux/Makefile
