49.6.4. SELinux での MLS の有効化

yum install selinux-policy-mls

~]# yum install selinux-policy-mls

This file controls the state of SELinux on the system.
SELINUX= can take one of these three values:
    enforcing - SELinux security policy is enforced.
    permissive - SELinux prints warnings instead of enforcing.
    disabled - No SELinux policy is loaded.
SELINUXTYPE= can take one of these two values:
    targeted - Targeted processes are protected,
    minimum - Modification of targeted policy. Only selected processes are protected.
    mls - Multi Level Security protection.

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=permissive
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=mls

setenforce 0
getenforce

~]# setenforce 0
~]# getenforce
Permissive

touch /.autorelabel

~]# touch /.autorelabel

*** Warning -- SELinux mls policy relabel is required.
*** Relabeling could take a very long time, depending on file
*** system size and speed of hard drives.
***********

*** Warning -- SELinux mls policy relabel is required.
*** Relabeling could take a very long time, depending on file
*** system size and speed of hard drives.
***********

genhomedircon
restorecon -R -v /root /home <other_home_directories>

~]# genhomedircon
~]# restorecon -R -v /root /home <other_home_directories>

This file controls the state of SELinux on the system.
SELINUX= can take one of these three values:
    enforcing - SELinux security policy is enforced.
    permissive - SELinux prints warnings instead of enforcing.
    disabled - No SELinux policy is loaded.
SELINUXTYPE= can take one of these two values:
    targeted - Targeted processes are protected,
    minimum - Modification of targeted policy. Only selected processes are protected.
    mls - Multi Level Security protection.

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=mls

getenforce

~]$ getenforce
Enforcing

sestatus |grep mls

~]# sestatus |grep mls
Policy from config file:        mls