3.3 Linux Distributions Supporting SELinux

     

Currently only Fedora Core supports SELinux by providing it as an integral component that is installed without special effort on the part of the installing user. However, Red Hat has announced that Red Hat Enterprise Linux 4 (RHEL 4) will support SELinux. The RHEL 4 implementation of SELinux is expected to closely resemble the one in Fedora Core 2.

3.3.1 Fedora Core 2

Fedora Core is a Linux distribution sponsored (but not supported) by Red Hat, which uses the distribution as a test bed for new technologies being considered for incorporation in Red Hat's supported distributions, such as Red Hat Enterprise Linux. Fedora Core is freely available at http://fedora.redhat.com. Unlike Red Hat Enterprise Linux, which contains proprietary components, Fedora Core is fully redistributable under the terms of the GNU GPL.

Fedora Core 2 presents the most convenient implementation of SELinux available to date. To install SELinux, you must respond selinux to the boot prompt that appears after booting from the installation media. [1] During the installation procedure, the Firewalls screen (see Figure 3-1) provides the user with the opportunity to choose from three levels of SELinux support:

[1] Fedora Core 2 test versions do not require you to use this special boot option.


Disabled

Disables SELinux.


Warn

Enables SELinux to log, but not prevent, attempted violations of the SELinux policy.


Active

Enables SELinux to fully enforce its policy.

Figure 3-1. The Fedora Core firewalls screen

When the system boots after installation, SELinux immediately assumes the mode specified during installation; no further configuration is necessary. Of course, the system administrator can reconfigure the system to operate in a different SELinux mode by modifying the boot configuration (/boot/grub/grub.conf) or the SELinux configuration (/etc/sysconfig/selinux), either manually or by using the GUI Security Level tool.

Moreover, the RPM package manager included in Fedora Core is SELinux-aware. It automatically labels files and directories when new packages are installed. Thus, running SELinux under Fedora Core may involve relatively little ongoing administration.

The default SELinux policy implemented by Fedora Core is termed a "relaxed policy," meaning that it seeks to protect potentially vulnerable services and daemons without strictly imposing the principle of least privilege on every user action. Thus, the policy represents a compromise between ease of use and security that is appropriate for many users. The system administrator, of course, is free to tailor the SELinux policy to better suit local needs. In particular, the system administrator may find it necessary to do so if the system hosts binaries other than those distributed as part of Fedora Core, or if the system administrator wants to restrict the privileges available to scripts such as cron jobs. Chapter 5 and Chapter 8 of this book explain the procedures for doing so.
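Because the mode can be set in two places (/boot/grub/grub.conf and /etc/sysconfig/selinux, as noted above), the two files can disagree. The following is an added example, not from the book, that reports the mode the next boot will use and flags a boot line that overrides the configured mode. It assumes the config file's SELINUX= key and the kernel parameters selinux= and enforcing=, with the boot line taking precedence as in current kernel and libselinux behaviour; the function names and sample files are constructed.

```shell
# Added example: audit the SELinux mode requested by the config file and grub.conf.
# Precedence is an assumption taken from current kernel/libselinux behaviour.

# SELINUX= value from an /etc/sysconfig/selinux-style file, lower-cased.
config_mode() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$1" |
        tail -n 1 | tr 'A-Z' 'a-z'
}

# Kernel line of the grub.conf entry selected by default=N (N defaults to 0).
kernel_line() {
    awk 'BEGIN { d = 0; n = 0 }
         /^[ \t]*default=/    { sub(/^[ \t]*default=/, ""); d = $0 + 0 }
         /^[ \t]*kernel[ \t]/ { k[n++] = $0 }
         END { print k[d] }' "$1"
}

# Value of kernel parameter $1 on command line $2 (empty if absent).
param() {
    printf '%s\n' "$2" | tr ' \t' '\n\n' | sed -n "s/^$1=//p" | tail -n 1
}

# Mode the next boot will come up in: disabled, permissive or enforcing.
effective_mode() {   # $1 = SELinux config file, $2 = grub.conf
    cfg=$(config_mode "$1"); kl=$(kernel_line "$2")
    if [ "$(param selinux "$kl")" = 0 ] || [ "$cfg" = disabled ]; then
        echo disabled
    elif [ "$(param enforcing "$kl")" = 0 ]; then echo permissive
    elif [ "$(param enforcing "$kl")" = 1 ]; then echo enforcing
    else echo "${cfg:-unknown}"
    fi
}

# Exit 0 when the boot line changes what the config file asks for.
boot_overrides_config() {
    [ "$(effective_mode "$1" "$2")" != "$(config_mode "$1")" ]
}

# Constructed sample files: config says enforcing, boot line says enforcing=0.
make_samples() {
    printf '# constructed sample\nSELINUX=enforcing\n' > "$1/selinux"
    printf 'default=0\ntitle sample\n\tkernel /vmlinuz ro enforcing=0\n' > "$1/grub.conf"
}

d=$(mktemp -d) && make_samples "$d"
echo "config: $(config_mode "$d/selinux"), next boot: $(effective_mode "$d/selinux" "$d/grub.conf")"
boot_overrides_config "$d/selinux" "$d/grub.conf" && echo "WARNING: boot line overrides config"
rm -rf "$d"
```

On a live system, pass the real paths to `effective_mode` and `boot_overrides_config` in place of the sample files.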



SELinux. NSA's Open Source Security Enhanced Linux
ISBN: 0596007167
EAN: 2147483647
Year: 2003
Pages: 100
Authors: Bill McCarty
