This section highlights various security items from Fedora.
Fedora continues to improve its many proactive security features.
The SELinux project pages have troubleshooting tips, explanations, and pointers to documentation and references. Some useful links include the following:
- New SELinux project pages: http://fedoraproject.org/wiki/SELinux
- Troubleshooting tips: http://fedoraproject.org/wiki/SELinux/Troubleshooting
- Frequently Asked Questions: http://docs.fedoraproject.org/selinux-faq/
- Listing of SELinux commands: http://fedoraproject.org/wiki/SELinux/Commands
- Details of confined domains: http://fedoraproject.org/wiki/SELinux/Domains
Different roles are now available, to allow finer-grained access control:
- guest_t does not allow running setuid binaries, making network connections, or using a GUI.
- xguest_t disallows network access except for HTTP via a Web browser, and no
- user_t is ideal for office users: prevents becoming root via
- staff_t is the same as user_t, except that root-level access via
- unconfined_t provides full access, the same as when not using SELinux.
Browser plug-ins wrapped with nspluginwrapper, which is the default, are confined by SELinux policy.
Security Audit Package
Sectool provides users with a tool that can check their systems for security issues. There are libraries included that allow for the customization of system tests. More information can be found at the project home:
A general introduction to the many proactive security features in Fedora, current status, and policies is available at http://fedoraproject.org/wiki/Security.