Re: SELinux Understanding

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

----- Original Message ----
From: Karl Larsen <k5di@xxxxxxxxxx>
To: For users of Fedora <fedora-list@xxxxxxxxxx>
Sent: Friday, October 12, 2007 4:31:44 PM
Subject: Re: SELinux Understanding

Antonio Olivares wrote:
> --- Karl Larsen <k5di@xxxxxxxxxx> wrote:
>
>  
>>    While reading the man selinux I found the part
>> that makes me think 
>> that this software may not be ready for a desktop
>> user. Here it is:
>>
>> FILE LABELING
>>        All files, directories, devices ... have a
>> security context/label 
>> asso-
>>        ciated with them.  These context are stored
>> in the extended  
>> attributes
>>        of  the  file  system.  Problems with SELinux
>> often arise from 
>> the file
>>        system being mislabeled. This can be caused
>> by booting the 
>> machine with
>>        a  non  selinux kernel.  If you see an error
>> message containing 
>> file_t,
>>        that is usually a good indicator that you
>> have a serious  
>> problem  with
>>        file system labeling.
>>
>>        The  best  way  to  relabel  the file system
>> is to create the 
>> flag file
>>        /.autorelabel and reboot. 
>> system-config-securitylevel, also  
>> has  this
>>        capability.  The  restorcon/fixfiles 
>> commands  are also 
>> available for
>>        relabeling files.
>>
>> Now I have used some of these ideas today. The list
>> suggested and I did. 
>> But this stuff is not the kind of thing a person not
>> using Linux in 
>> business wants to know about.
>>
>> Using all these fixes need your computer running and
>> up so you can do 
>> them. But I guess you could come up in a rescue CD
>> and do these commands 
>> if you remember them.
>>
>> So why would a desktop user ever want to run SELinux
>>    
>
> Because it comes with Fedora whether you like it or
> not.  You have 3 options, *** this has been stated X
> number of times in previous selinux related threads
> ***
>
> 1) run selinux disabled
> 2) run selinux permissive
> 3) run selinux targeted.
>
> Option 1 and 2 are what most users that do not like
> selinux use in order to continue using Fedora, 
>
> For option 3 to work, you need to work cooperatively
> and use setroubleshooter and diagnoze and correct
> issues with it.  Report bugs and use it wisely.  It
> can be a pain in the glass, but you have to remember
> that it is an extra layer of protection, you only have
> it there to protect you and not hurt you.  IF it
> bothers you, run it in disabled mode or permissive
> mode.  
>
> The issue(s) of Selinux here on the list have been
> discussed many times, have you not seen many posts
> about it.  Why come back to it and create more trouble
> for the people on this list?  
>
> Understanding Selinux is very hard, do what
> setroubleshooter recommends, if it does not work,
> complain and join selinux list and ask for help, if
> you do not want to help out fix the problems that you
> and others might have, just run it disabled and there
> you go.  There are many things in life that are very
> hard to understand, please take more time to reflect
> on your actions.  
>
> BTW, you are becoming very famous Karl, even on the
> Fedora page for PulseAudio the new sound system for
> Fedora 8 mentions your name in the 
>
> Usage cases/rationale
>
> http://fedoraproject.org/wiki/Releases/FeaturePulseaudio
>
> Unless it is another Karl then I am sorry for
> mentioning it :(
>
> If it is indeed you, then enjoy your moment in the
> limelight :)
>
> Regards,
>
> Antonio 
>
>
>        
> ____________________________________________________________________________________
> Pinpoint customers who are looking for what you sell. 
> http://searchmarketing.yahoo.com/
>
>  
    No that is another person with the name Karl either first middle or 
last. I do all that stuff with VLC.

>
Ok then, selinux has problems with vlc or vice versa:

https://www.redhat.com/archives/fedora-selinux-list/2007-October/msg00043.html

Something about a heap.  What is a heap?

Mr. Walsh answered me with 
https://www.redhat.com/archives/fedora-selinux-list/2007-October/msg00044.html

but I do not know/have the knowlegde of a heap.  Mplayer and xine do not complain, but why vlc which is the first time I have it on the linux side.  Vlc does not compile from source, xine does not compile from source, only mplayer does and there is a new version out an rc2 version.  

This is the summary of the complaint:  
Summary
    SELinux is preventing /usr/bin/vlc from changing
the access protection of memory on the heap

However, Mr Nicolas (kwizart) has answered the following.  

https://www.redhat.com/archives/fedora-selinux-list/2007-October/msg00045.html


-- 

    Karl F. Larsen, AKA K5DI
    Linux User
    #450462  http://counter.li.org.

-- 


Regards,

Antonio


       
____________________________________________________________________________________
Moody friends. Drama queens. Your life? Nope! - their life, your story. Play Sims Stories at Yahoo! Games.
http://sims.yahoo.com/
[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux