This is the upstream repository for the Security Enhanced Linux (SELinux) userland libraries and tools. The software provided by this project complements the SELinux features integrated into the Linux kernel and is used by Linux distributions. All bugs and patches should be submitted to selinux@vger.kernel.org
Other
1.35k
stars
360
forks
source link
ambiguous suggestion with catchall_boolean for secure_mod_insmod #375
Reading this is ambiguous to novice SELinux users, it suggest both to enable (1) and to use value 0 (disable) in the same message.
***** Plugin catchall_boolean (7.83 confidence) suggests ******************
If you want to disable kernel module loading.
Then you must tell SELinux about this by enabling the 'secure_mode_insmod' boolean.
Do
setsebool -P secure_mode_insmod 0
suggested is to write
If you want to disable kernel module loading.
Then you must tell SELinux about this by setting 'secure_mode_insmod' boolean to 0.
To make the change permanent
Do
setsebool -P secure_mode_insmod 0
alternatively
If you want to disable kernel module loading.
Then you must tell SELinux about this by disabling 'secure_mode_insmod'
To make the change permanent
Do
setsebool -P secure_mode_insmod 0
Reading this is ambiguous to novice SELinux users, it suggest both to enable (1) and to use value 0 (disable) in the same message.
suggested is to write
alternatively