From Fedora Project Wiki

(small fixes and ready for PR)
(113 intermediate revisions by 19 users not shown)
Line 1: Line 1:
== Security ==
This section highlights various security items from Fedora.
=== Security Enhancements ===
[[Category:Docs Project]]
[[Category:Draft documentation]]
Fedora continues to improve its many proactive security features.
[[Category:Documentation beats]]
=== SELinux ===
The SELinux project pages have troubleshooting tips, explanations, and pointers to documentation and references.  Some useful links include the following:
* New SELinux project pages:
* Troubleshooting tips:
* Frequently Asked Questions:
* Listing of SELinux commands:
* Details of confined domains:
=== SELinux Enhancements ===
Different roles are now available, to allow finer-grained access control:
* <code>guest_t</code> does not allow running <code>setuid</code> binaries, making network connections, or using a GUI.
* <code>xguest_t</code> disallows network access except for HTTP via a Web browser, and no <code>setuid</code> binaries.
* <code>user_t</code> is ideal for office users: prevents becoming root via <code>setuid</code> applications.
* <code>staff_t</code> is same as <code>user_t</code>, except that root-level access via <code>sudo</code> is allowed.
* <code>unconfined_t</code> provides full access, the same as when not using SELinux.
Browser plug-ins wrapped with <code>nspluginwrapper</code>, which is the default, are confined by SELinux policy.
=== Security Audit Package ===
'''Sectool''' provides users with a tool that can check their systems for security issues. There are libraries included that allow for the customization of system tests. More information can be found at the project home:
=== General Information ===
A general introduction to the many proactive security features in Fedora, current status, and policies is available at

Latest revision as of 01:33, 20 September 2016

DocsProject Header docTeam1.png

Beat Closed on Wiki
Work on beats has now moved to git at If you have changes or additions, please contact the docs team via #fedora-docs,, or with the release-notes BZ component.