While reading the man selinux I found the part that makes me think
that this software may not be ready for a desktop user. Here it is:
FILE LABELING
All files, directories, devices ... have a security context/label
asso-
ciated with them. These context are stored in the extended
attributes
of the file system. Problems with SELinux often arise from
the file
system being mislabeled. This can be caused by booting the
machine with
a non selinux kernel. If you see an error message containing
file_t,
that is usually a good indicator that you have a serious
problem with
file system labeling.
The best way to relabel the file system is to create the
flag file
/.autorelabel and reboot. system-config-securitylevel, also
has this
capability. The restorcon/fixfiles commands are also
available for
relabeling files.
Now I have used some of these ideas today. The list suggested and I did.
But this stuff is not the kind of thing a person not using Linux in
business wants to know about.
Using all these fixes need your computer running and up so you can do
them. But I guess you could come up in a rescue CD and do these commands
if you remember them.
So why would a desktop user ever want to run SELinux :-)
--
Karl F. Larsen, AKA K5DI
Linux User
#450462 http://counter.li.org.
