The following sections give a brief overview of the main SELinux packages in Red Hat Enterprise Linux; installing and updating packages; which log files are used; the main SELinux configuration file; enabling and disabling SELinux; SELinux modes; configuring Booleans; temporarily and persistently changing file and directory labels; overriding file system labels with the
mount command; mounting NFS volumes; and how to preserve SELinux contexts when copying and archiving files and directories.
In Red Hat Enterprise Linux, the SELinux packages are installed by default, in a full installation, unless they are manually excluded during installation. If performing a minimal installation in text mode, the policycoreutils-python and the policycoreutils-gui package are not installed by default. Also, by default, SELinux targeted policy is used, and SELinux runs in enforcing mode. The following is a brief description of the SELinux packages that are installed on your system by default:
policycoreutils provides utilities such as
setsebool, for operating and managing SELinux.
provides the SELinux Reference Policy. The SELinux Reference Policy is a complete SELinux policy, and is used as a basis for other policies, such as the SELinux targeted policy; refer to the Tresys Technology SELinux Reference Policy
page for further information. This package also provides the
development utility, as well as example policy files.
selinux-policy-targeted provides the SELinux targeted policy.
libselinux – provides an API for SELinux applications.
libselinux-utils provides the
libselinux-python provides Python bindings for developing SELinux applications.
The following is a brief description of the main optional packages, which have to be installed via the
yum install <package-name> command:
selinux-policy-mls provides the MLS SELinux policy.
setroubleshoot-server translates denial messages, produced when access is denied by SELinux, into detailed descriptions that are viewed with the
sealert utility, also provided by this package.
– this package provides the Tresys Technology SETools distribution
, a number of tools and libraries for analyzing and querying policy, audit log monitoring and reporting, and file context management. The setools
package is a meta-package for SETools. The setools-gui
package provides the
tools. The setools-console
package provides the
command-line tools. Refer to the Tresys Technology SETools
page for information about these tools.
mcstrans translates levels, such as
s0-s0:c0.c1023, to an easier to read form, such as
SystemLow-SystemHigh. This package is not installed by default.
policycoreutils-python provides utilities such as
chcat, for operating and managing SELinux.
system-config-selinux, a graphical tool for managing SELinux.