Tim wrote:
On Fri, 2007-10-12 at 14:38 -0600, Karl Larsen wrote:
FILE LABELING
All files, directories, devices ... have a security context/label
associated with them. These context are stored in the extended
attributes of the file system. Problems with SELinux often arise from
the file system being mislabeled. This can be caused by booting the
machine with a non selinux kernel. If you see an error message containing
file_t, that is usually a good indicator that you have a serious
problem with file system labeling.
Now I have used some of these ideas today. The list suggested and I did.
But this stuff is not the kind of thing a person not using Linux in
business wants to know about.
Well, how many business users, that aren't computer savvy enthusiasts do
you expect to be dual-booting with different kernels? You'll probably
find that not-only do many business users not do anything near the
complexity of that, many don't even bother with installing any updates.
Normally, you can expect SELinux to be something that just happens in
the background, along with a thousand other things that you don't know
about your computer. Also, there's a plethora of *other* things that
can go wrong that can be just as flumuxing to the user.
So why would a desktop user ever want to run SELinux :-)
For added security. This has been discussed to death, and not too long
ago. Go back and read the old threads about it.
The sky is NOT falling.
I agree with what you say. There is a whole lot I do not understand.
But by necessity I have become well versed about SELinux and have it
turned off. So this is one thing that is not going to cause the next
time my linux fails.
--
Karl F. Larsen, AKA K5DI
Linux User
#450462 http://counter.li.org.