Re: SELinux Understanding

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Antonio Olivares wrote:

--- Karl Larsen <k5di@xxxxxxxxxx> wrote:


    While reading the man selinux I found the part
that makes me think that this software may not be ready for a desktop 
user. Here it is:

FILE LABELING
       All files, directories, devices ... have a
security context/label asso- 
       ciated with them.  These context are stored
in the extended attributes 
       of  the  file  system.  Problems with SELinux
often arise from the file 
       system being mislabeled. This can be caused
by booting the machine with 
       a  non  selinux kernel.  If you see an error
message containing file_t, 
       that is usually a good indicator that you
have a serious problem with 
       file system labeling.

       The  best  way  to  relabel  the file system
is to create the flag file /.autorelabel and reboot. system-config-securitylevel, also has this capability. The restorcon/fixfiles commands are also available for 
       relabeling files.

Now I have used some of these ideas today. The list
suggested and I did. But this stuff is not the kind of thing a person not using Linux in business wants to know about. 

Using all these fixes need your computer running and
up so you can do them. But I guess you could come up in a rescue CD and do these commands if you remember them. 

So why would a desktop user ever want to run SELinux


Because it comes with Fedora whether you like it or
not.  You have 3 options, *** this has been stated X
number of times in previous selinux related threads
***

1) run selinux disabled
2) run selinux permissive
3) run selinux targeted.

Option 1 and 2 are what most users that do not like
selinux use in order to continue using Fedora, 
For option 3 to work, you need to work cooperatively
and use setroubleshooter and diagnoze and correct
issues with it.  Report bugs and use it wisely.  It
can be a pain in the glass, but you have to remember
that it is an extra layer of protection, you only have
it there to protect you and not hurt you.  IF it
bothers you, run it in disabled mode or permissive
mode. 
The issue(s) of Selinux here on the list have been
discussed many times, have you not seen many posts
about it.  Why come back to it and create more trouble
for the people on this list? 
Understanding Selinux is very hard, do what
setroubleshooter recommends, if it does not work,
complain and join selinux list and ask for help, if
you do not want to help out fix the problems that you
and others might have, just run it disabled and there
you go.  There are many things in life that are very
hard to understand, please take more time to reflect
on your actions. 
BTW, you are becoming very famous Karl, even on the
Fedora page for PulseAudio the new sound system for
Fedora 8 mentions your name in the 
Usage cases/rationale

http://fedoraproject.org/wiki/Releases/FeaturePulseaudio

Unless it is another Karl then I am sorry for
mentioning it :(

If it is indeed you, then enjoy your moment in the
limelight :)

Regards,
Antonio
____________________________________________________________________________________ Pinpoint customers who are looking for what you sell. http://searchmarketing.yahoo.com/
No that is another person with the name Karl either first middle or last. I do all that stuff with VLC. 



--

	Karl F. Larsen, AKA K5DI
	Linux User
	#450462   http://counter.li.org.
[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux