Request to re-add option to disable SELinux - compromise

Daniel J Walsh dwalsh at redhat.com
Wed Jul 9 15:04:28 UTC 2008


Ralf Corsepius wrote:
| On Wed, 2008-07-09 at 09:57 -0400, Daniel J Walsh wrote:
|> Ralf Corsepius wrote:
|> | On Wed, 2008-07-09 at 11:58 +0200, Nils Philippsen wrote:
|> |
|> |> One question nobody has been able to answer to my satisfaction yet: Why
|> |> would it be essential that SELinux can be disabled from the installer
|> |> vs. from the installed system?
|> | One point: Once SELinux had been active, it can cause problems, despite
|> | it had been disabled, afterwards:
|> | C.f.: https://bugzilla.redhat.com/show_bug.cgi?id=453365
|> |
|> | Ralf
|> |
|> |
|> This is a bug in code, and I am not sure this would not have happened if
|> SELinux was disabled in the first place.
|
| Neither am I.
|
| My point is: kernel-/filesystem-side of SELinux apparently is not
| entirely transparent to applications and may disturb "arbitrary, known
| to work" applications, even if SELinux is off.
|
| In my case, I repeatedly had SELinux active on the machine exposing the
| issue from the BZ, and had encountered the broken "patch" after having
| switched SELinux off.
|
| Having a look into the patch, which seems to have fixed "patch", I am
| inclined to think the actual cause for this breakdown is inside of the
| kernel or the filesystem.
|
| Ralf
|
|
Well, the problem was in the patch code, which did not check to see if
SELinux was disabled or not.  When it tried to do SELinux stuff with
SELinux disabled, it failed.  Simple bug in the patch code.

So this bug will happen whenever SELinux was disabled, whether or not
you disabled it during install or post install.  So your example of why
SELinux needs to be able to be disabled in Anaconda is flawed.