-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Terry - Fedora Core wrote: > As I reported on another thread, SELinux has caused me trouble and > blocked access to my hard disks. > > To solve the problem, I set SELinux to "permissive" mode. Am I positive > that SELinux caused the problem of not being able access the hard disks. > No. But then when I set SELinux to permissive mode the problem > disappeared. Not proof, but very strong evidence. > > My question: > > Should I enable SELinux again? > > What do I gain if I do? > > Will the gain be greater than the loss of accessing my computer hard disks? > > And if I do, how do I try to prevent it from locking me out of the hard > disks again? > > How do I determine what caused SELinux to block access, how much trouble > is it to change SELinux to prevent it from doing that again? > > Your insights are appreciated. > > Terry > Look for error messages in /var/log/audit/audit.log. Install setroubleshoot, it will tell you when SELinux is complaining about something and attempt to give you a way to fix it. Most likely the disk you are having problems with is not labeled correcty. SELinux relies on extended attributes containing labels for every file on the system. If a file does not have a label, the kernel says the label is file_t and no confined domains can use the file. You can either label the disk, by executing a command like restorecon -R -v PATHTODDISK Or you can fully relabel the entire system using touch /.autorelabel; reboot Or if you do not want to label the disk you can use the mount command/fstab entry to put a single label for the entire file system. mount -o context="sytstem_u:object_r:default_t:s0" DISK MOUNTPOINT -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkesW+4ACgkQrlYvE4MpobNpBACfW4/15U2VqZv1PxQcG0YAxa5T j7oAnjpnnytDIRB7glrH4kfSnfrOxoY7 =6Dz3 -----END PGP SIGNATURE-----
