Red Hat Bugzilla – Bug 212760
system config security level no longer has a way to change selinux policy
Last modified: 2007-11-30 17:11:46 EST
Description of problem:
In FC5 one could change between mls, strict and targetted policies using the
graphical system-config-securitylevel progam. That option no longer appears to
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Go to System -> Adminstration -> Security Level and Firewall
2. Select SELinux
The ability to select policy type (MLS, Strict or Targetted) as in FC5
No visible button for setting policy and none of the options for tweaking policy
seemed to provide this function.
Do you have multiple selinux policy packages installed?
As it turns out no. It wasn't obvious as there doesn't seem to be a way to
control which policies get installed initially in FC6.
Once I manually installed the other policies then system-config-securitylevel
gave an option to change policy.
So I guess that makes this technically not a bug, but it seems to me to be a
confusing feature. If the option to change policy had been there with targetted
as the only option it would have been obvious that I needed to install the other
policies. When the option wasn't there I was left wondering if there was some
other place I should look to try to change policy, especially since after
installing all of the optional packages, my expectation was that the alternate
selinux policies would have been installed.
This functionality has moved to system-config-selinux in policycoreutils-gui,
which is a much more capable program. The SELinux stuff in s-c-securitylevel
was never that good anyway. Thanks for the bug report, however keep in mind
this may be a problem with that program as well. I don't know how they handle
this sort of stuff.