Re: SELinux Understanding

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Daniel J Walsh wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Karl Larsen wrote:
Thomas Cameron wrote:
On Sat, 2007-10-13 at 05:38 -0600, Karl Larsen wrote:

That's called coincidence, not proof.

    I think your trying to protect SELinux. I don't know why.
No, it's pointing out the obvious.  The issue you had was NOT - repeat
NOT - an issue with SELinux.

A lot of people a lot smarter than you have said so, you bring NO proof
to the list, just supposition based on coincidence.

I've tried to be polite to you out of respect to my elders, but you are
just full of shit and won't listen to folks who know a bunch more than
you do.

Get this through your head:  Your issues are NOT due to SELinux.  I
don't know what you did, but you are the kind of user that sysadmins
HATE because you go in and jack up your system and then blame the system
or the admin.

Listen to those who know more than you do, OK?

Thomas

   Listen you fat head jerk! You brought nothing but your gut feeling
that SELinux can't be the cause period.

   Well your almost right. But you have no idea why. You do not know why
your right. Or what that means. I will not turn SELinux back on until a
Bug is fixed in F7 8-)





Karl,

When you turned on SELinux the AVC's were being logged to
/var/log/audit/audit.log  This is where setroubleshoot and other tools
grab the AVC messages.
   Those that I presented are from /var/log/messages.
When you go from disable to enabled, the entire system needs to be
relabeled.  This can take a long time to happen since the entire file
system is walked.   After relabeling your system should work properly.
Yesterday I changed SELinux from off to full enforce. It booted up fine this morning and I really can't tell it is on. But it did take 30 minutes to label all the directories.
I would make sure that you have updated to the latest policy for Fedora
7, and if you are running something like NIS you might need to turn on
certain selinux booleans.
I have every update for F7 on this machine now. I have no idea what NIS is.
setsebool -P allow_ypbind 1

Which will allow your system to use NIS.

The  bugs/avc's you reported earlier do not look like SELinux was going
nuts.

SELinux was not nuts. It was sending endless messages to dbox which was mal-functioning. There is a bug in dbox.
It is also feasable that you are running a file system reiser?  that
SElinux does not support.  Or there is some problem that adding of file
context to your machine triggered.

   Nope all my file systems are EXT3.
I have not heard of SELinux in permissive mode causing the types of
problems that you say occured on your machine.

I think I got a SELinux update the day before the problem. This caused SELinux to send out new data and the bug hit. Every time I get a SELinux update I will relabel the files.



Dan

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFHE3pNrlYvE4MpobMRAoUeAKC6RYl3jMY2tTg07m/eG9mZPXMeUQCfVN/S
Y57/t5wyJCUFIa66VD6VWjg=
=y2mg
-----END PGP SIGNATURE-----



--

	Karl F. Larsen, AKA K5DI
	Linux User
	#450462   http://counter.li.org.


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux