
9.2. SELinux

The SELinux (Security Enhanced Linux) framework is part of Fedora Core. SELinux limits the actions of both users and programs by enforcing security policies throughout the operating system. Without SELinux, software bugs or configuration changes can render a system more vulnerable. The restrictions imposed by SELinux policies provide an extra line of defense.

Inflexible SELinux policies might inhibit many normal activities on a Fedora system. For this reason, Fedora Core uses targeted policies, which only affect specific network services. These services cannot perform actions that are not part of their normal functions. This means that SELinux can be active without causing users any inconvenience.

To use the targeted SELinux policy on your Fedora system, set the SELinux mode to Active. This is the default mode for Fedora installations.

Because SELinux is a new technology, a diagnostic mode is provided. If you set SELinux to Warn, the system is configured, but any breach of security policies only causes an error message to appear. No activities are actually prohibited when SELinux is installed in this mode. You may change the SELinux mode to Active at any time after booting.

If you choose the Disabled mode for SELinux, Fedora does not configure the access control system at all. To make SELinux active later, from the main menu, select Desktop->System Settings->Security Level and Firewall.
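The following added example (not part of the original guide) reports which of the three modes a configuration file selects. It assumes the standard `/etc/selinux/config` format, whose `SELINUX=` keywords `enforcing`, `permissive` and `disabled` correspond to Active, Warn and Disabled; the keywords, the function names and the sample file are not from this page.

```shell
#!/bin/sh
# Added example: report the installer mode chosen in an SELinux config file.

# Print the value of the first uncommented KEY=value line in FILE.
# Taking the first match is a choice made for this example.
cfg_value() {
    sed -n "s/^[[:space:]]*$1=[[:space:]]*\([^[:space:]#]*\).*/\1/p" "$2" | head -n 1
}

# Translate the SELINUX= keyword into the installer's label.
# A missing or unrecognised keyword is reported as Unknown.
selinux_mode_label() {
    case "$(cfg_value SELINUX "$1")" in
        enforcing)  echo Active ;;
        permissive) echo Warn ;;
        disabled)   echo Disabled ;;
        *)          echo Unknown ;;
    esac
}

# Return 0 only when FILE selects the Active mode with the targeted policy,
# which is the installation default described above.
selinux_is_default() {
    [ "$(selinux_mode_label "$1")" = Active ] &&
        [ "$(cfg_value SELINUXTYPE "$1")" = targeted ]
}

# Constructed sample in the format of /etc/selinux/config.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# A commented-out setting must be ignored:
# SELINUX=disabled
SELINUX=permissive
SELINUXTYPE=targeted
EOF

echo "mode: $(selinux_mode_label "$sample")"
if selinux_is_default "$sample"; then
    echo "matches the installation default"
else
    echo "differs from the installation default"
fi
rm -f "$sample"
```

To check a real system, pass `/etc/selinux/config` to `selinux_mode_label` instead of the sample file.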

[Tip] Changing the SELinux policy

SELinux is unique in that it cannot be bypassed, even by system administrators. You can configure the behavior of SELinux with the system-config-securitylevel utility. From the main menu, choose Desktop->System Settings->Security Level and Firewall.

$Date: 2005/05/18 23:34:00 $