Tim: >> Did you follow the above? [about SELinux context relabelling] Michael Klinosky: > No. I have no clue what any of this means. Should I have to do this > every time I install a distro? Why have I not read anything about it (on > linux maillists or help websites)? > > What is this label concept, and why would I need to relabel any files? It's SELinux you want to read up on. The premise behind it is to add restrictions on top of the Unix permissions. So that some things cannot read or write the files. e.g. password files being unable to be webserved out, even if someone's dumb enough to make them world-readable. The SELinux contexts outline what the files are for (personal files, system files, webservable files, etc.), and that determines what you can do with them. Generally things work fine, but if there's a mixup, you might have to relabel the files. There's a master set of rules which says what contexts should be applied to files where, the auto-relabel restores that. It's just luck of the draw that you've not seen anything about it. Little mailing list wars do pop up, from time to time, about how it got in the way of something, that you should fix things rather than just disable it as gets commonly advised (my handbrake doesn't work properly, well just get rid of it...), that it (allegedly) can't really do what it claims, and other conspiracy theories... >> So, if the problem is that some files are mislabeled, it'll be >> corrected. > How would they have gotten mislabeled? By running software that creates files, and that software not being aware of SELinux. By not directly creating files. e.g. You rename a file to replace a file - the old file still has its proper SELinux contexts, but the one you put in its place (by renaming things), doesn't. Or, you create a new file in, say, your home space, then copy it over to where it's supposed to be. It has your homespace contexts, instead of the proper contexts for what it is. It adds a new layer of complexity to things, but the silver lining to that cloud is some beefing up of security. e.g. Your computer is less likely to get exploited thanks to a bug with your web browser or web server (it helps protect clients and servers). I would have directed you to a document about SELinux that I found to be fairly comprehensive, but the turning of the Fedora website into a wiki has made it damn near impossible for me to find anything. This is the best that I could quickly find, and just looking at it presented a labyrinth of things to go through: <http://fedoraproject.org/wiki/SELinux> I find wikis not too bad, generally, when each page is coherent in themselves. But when you need to read a pile of disparate pages to comprehend a subject, they just plain suck. There's, often, if not usually, no linear order to follow, and you go around in circles, often bypassing something important. -- (This box runs FC5, my others run FC4 & FC6, in case that's important to the thread.) Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists.
