Blocking change to permissive
On Wed, Feb 22, 2012 at 18:41:22 +0100,
Dominick Grift <email@example.com> wrote:
> On Wed, 2012-02-22 at 11:34 -0600, Bruno Wolff III wrote:
> > I remember that once apon a time there was a boolean (or at least a setting
> > in system-config-selinux) that would block root from using setenforce to
> > change from enforcing to permissive mode.
> > I can't seem to find it now on F17. I haven't figured out the correct
> > combo to find this via google.
> It is secure_mode_policyload
selinux mailing list