Tom Needs a Hat Mitchell wrote:
I set up the SELinux on one system and noticed that I posted earlier when I had a Fedora Core 1 system that had SELinux on it.
On Tue, Mar 09, 2004 at 08:47:26PM -0500, Jim Cornette wrote: ....
I can see this with users wanting no passwords and wanting to run as root user. If some practical security was not mandated, Linux would have ended up pretty dangerous with malware attacks. I'll probably try out SELinux shortly. I was sitting back and reading the list before I actually tried to set it up.
Just as many cities have code requirements for walls and external doors this can be a good thing.
In this building code case, I was thinking about security and fire safety.
Many city fire/building codes require thicker drywall for the garage and the kitchen. Drywall is a good insulator and will slow the progress of a fire. The garage and the kitchen both have fuel and potential sources of ignition.
External doors will be thicker and have a solid core. Internal closet doors will have a hollow core and be lighter and thinner. Some cities require steel cased insulated doors between the home and the garage. That SUV with 40 gallons of gas parked next to a natural gas water heater is interesting. Then there is the fuel can for the lawn mower, old paint, lawn and pool chemicals...
As you walk through an apartment building, your home, your office etc. pay attention to the different types of doors and door locks. Think about how the concept of doors and door locks applies to your computer. Check the price differences in a home improvement center.
What happened on the Fedora Core 1 system with SELinux installed on it was that I was not able to log into either the root or the regular user accounts.
After installing SELinux on the new computer, I was able to log into root, but not into the regular user account.
After setting up the SELinux system with the needed programs and running the initial setup with "make" and "make relabel" while in runlevel 1 and within the proper directory, I logged into root and there was a default policy for root that prompted me if I wanted to change it. I kept the policy and logged into root without trouble.
When I logged into the regular user account, I had error messages on the terminal, but was able to log in and run GNOME. When logging out though, I ended up getting an error dialog box saying that some user was not found.
The whole SELinux deal sounds pretty boring to test out. I can see with your example regarding external barriers needing to be stronger than local policies to prevent "external fire hazards" from invading the less volatile and safer environment.
I haven't posted to the SELinux list yet. It seems that a lot of people are more interested in the fun things and are not on the list yet.
Done here, with SELinux,
Jim
-- You have an ability to sense and know higher truth.