----- Original Message ---- From: Karl Larsen <k5di@xxxxxxxxxx> To: For users of Fedora <fedora-list@xxxxxxxxxx> Sent: Friday, October 12, 2007 4:31:44 PM Subject: Re: SELinux Understanding Antonio Olivares wrote: > --- Karl Larsen <k5di@xxxxxxxxxx> wrote: > > >> While reading the man selinux I found the part >> that makes me think >> that this software may not be ready for a desktop >> user. Here it is: >> >> FILE LABELING >> All files, directories, devices ... have a >> security context/label >> asso- >> ciated with them. These context are stored >> in the extended >> attributes >> of the file system. Problems with SELinux >> often arise from >> the file >> system being mislabeled. This can be caused >> by booting the >> machine with >> a non selinux kernel. If you see an error >> message containing >> file_t, >> that is usually a good indicator that you >> have a serious >> problem with >> file system labeling. >> >> The best way to relabel the file system >> is to create the >> flag file >> /.autorelabel and reboot. >> system-config-securitylevel, also >> has this >> capability. The restorcon/fixfiles >> commands are also >> available for >> relabeling files. >> >> Now I have used some of these ideas today. The list >> suggested and I did. >> But this stuff is not the kind of thing a person not >> using Linux in >> business wants to know about. >> >> Using all these fixes need your computer running and >> up so you can do >> them. But I guess you could come up in a rescue CD >> and do these commands >> if you remember them. >> >> So why would a desktop user ever want to run SELinux >> > > Because it comes with Fedora whether you like it or > not. You have 3 options, *** this has been stated X > number of times in previous selinux related threads > *** > > 1) run selinux disabled > 2) run selinux permissive > 3) run selinux targeted. > > Option 1 and 2 are what most users that do not like > selinux use in order to continue using Fedora, > > For option 3 to work, you need to work cooperatively > and use setroubleshooter and diagnoze and correct > issues with it. Report bugs and use it wisely. It > can be a pain in the glass, but you have to remember > that it is an extra layer of protection, you only have > it there to protect you and not hurt you. IF it > bothers you, run it in disabled mode or permissive > mode. > > The issue(s) of Selinux here on the list have been > discussed many times, have you not seen many posts > about it. Why come back to it and create more trouble > for the people on this list? > > Understanding Selinux is very hard, do what > setroubleshooter recommends, if it does not work, > complain and join selinux list and ask for help, if > you do not want to help out fix the problems that you > and others might have, just run it disabled and there > you go. There are many things in life that are very > hard to understand, please take more time to reflect > on your actions. > > BTW, you are becoming very famous Karl, even on the > Fedora page for PulseAudio the new sound system for > Fedora 8 mentions your name in the > > Usage cases/rationale > > http://fedoraproject.org/wiki/Releases/FeaturePulseaudio > > Unless it is another Karl then I am sorry for > mentioning it :( > > If it is indeed you, then enjoy your moment in the > limelight :) > > Regards, > > Antonio > > > > ____________________________________________________________________________________ > Pinpoint customers who are looking for what you sell. > http://searchmarketing.yahoo.com/ > > No that is another person with the name Karl either first middle or last. I do all that stuff with VLC. > Ok then, selinux has problems with vlc or vice versa: https://www.redhat.com/archives/fedora-selinux-list/2007-October/msg00043.html Something about a heap. What is a heap? Mr. Walsh answered me with https://www.redhat.com/archives/fedora-selinux-list/2007-October/msg00044.html but I do not know/have the knowlegde of a heap. Mplayer and xine do not complain, but why vlc which is the first time I have it on the linux side. Vlc does not compile from source, xine does not compile from source, only mplayer does and there is a new version out an rc2 version. This is the summary of the complaint: Summary SELinux is preventing /usr/bin/vlc from changing the access protection of memory on the heap However, Mr Nicolas (kwizart) has answered the following. https://www.redhat.com/archives/fedora-selinux-list/2007-October/msg00045.html -- Karl F. Larsen, AKA K5DI Linux User #450462 http://counter.li.org. -- Regards, Antonio ____________________________________________________________________________________ Moody friends. Drama queens. Your life? Nope! - their life, your story. Play Sims Stories at Yahoo! Games. http://sims.yahoo.com/