Daniel Vogel wrote:
I run SELinux on all my boxes, including my desktop. It's not a big
hassle because the default targeted policy is aimed at the
daemons,leaving normal user operations running unconfined. If you can
get the daemons sorted out so that the SELinux policy matches the way
you are using them, it doesn't get in the way.
Daniel's issue is that he is using the tftp daemon in a way not
currently covered by policy. He doesn't appear to have the patience to
either tweak the policy to make it work for the way he's using the
system, or to raise the issue on the selinux list or in bugzilla. So
SELinux is not likely to get any better for him unless someone else
has the same issues and works them through, getting the necessary
changes made so that everyone benefits.
First just let me say that i was asking about that, wasn't me who had
problems with tftp.
But im not waiting for anybody to the job that belongs to me, i just
wont use selinux until IT works properly. (why i have to disable it on a
fresh install to make things work?). There are many people that just
turns it off or downgrade it functions to make they'r things work
instead of trying to fix it for 2 mainly reasons:
we'r lazy, or we don't have the time to investigate it and try to fix it.
I insist, why i have to trust on something that i have to tweak to make
it work properly on my computer? I mean, i don't know how to do it, will
take me a lot of time to learn it, so i don't trust on my skills to do
it, (therefore it don't think it'll work fine), so i just prefer to shut
it down, or whatever, to make my services go outside.
And a last thing Paul, i think i need to know a lot more to give an
opinion on how things can be improved. I appreciate a lot so many ppl
helping others, but i don't feel the knoweledge to be one of thems.
Sorry if I caused offence. No coffee before posting this morning.
Many things need to be configured before they work to your satisfaction.
They may have a default configuration that will work for many people,
but lots of people need to configure, say, samba, before it will work
nicely in their environment. SELinux is no different. The default
configuration, as with most security-related packages, is quite
restrictive and needs to be tweaked (e.g. using setsebool) for many
applications. It's just a case of getting familiar with it so that you
know how to tweak it, just like with other packages.
The default configuration of SELinux is *never* going to support upload
in tftp, I'm pretty sure of that. But a request on fedora-selinux-list
or in bugzilla to allow this to be enabled would probably be treated
sympathetically.
Paul.
