On Sunday 23 September 2007, Arthur Pemberton wrote: >On 9/23/07, Tim <ignored_mailbox@xxxxxxxxxxxx> wrote: >> On Sat, 2007-09-22 at 18:00 +0000, Beartooth wrote: >> > And thereby hangs an old sad tale. I looked at that -- and found >> > it utterly incomprehensible. >> >> I think the naming of the contexts, themselves, were a really bad >> incomprehensible thing. >> >> Looking in my home space, things have: user_u:object_r:user_home_t >> >> What's a user_u, or object_r, or user_home_t? >> >> Or a PNG file in my webserver directory: >> user_u:object_r:httpd_sys_content_t >> >> They're not at all intuitive. What's a "u," "r," or "t"? I've no >> choice but to read a manual to work that out, I couldn't even guess at >> it. But a quick look through a few of the SELinux manuals doesn't >> explain what any of it means. > >It takes less that a minute to find out 'man chcon'' : >http://linux.die.net/man/1/chcon True, but how long does it take to find out that the man page you should be reading is a name from some dialect of swahili called chcon? >u -> user >r -> role >t -> type > >Manual modification of the security contexts aren't really expected of >most people. BS. If we, the installers, don't know what a file does, maybe. But if we install something to do a job, such as heyu, then we are generally smart enough to adjust the perms so it can work as intended. We just need to know how and what to do rather than playing the 10,000 monkeys writing Hamlet game, only to find we got the Barber of Seville. Aka now its really fscked up. -- Cheers, Gene "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) One planet is all you get.