[Fwd: Wikipidia - Goodbye Red Hat and Fedora]

David P. Quigley dpquigl at tycho.nsa.gov
Tue Oct 14 22:36:11 UTC 2008


On Tue, 2008-10-14 at 11:32 +0200, Dominik 'Rathann' Mierzejewski wrote:
> SELinux is another subject for a good rant. Example: I created /var/log/dovecot,
> chowned it to dovecot user and configured it to put its logs there. Bang!
> SELinux denial. There's no easy way to fix it permanently either and SELinux
> tools documentation is akin to arcane knowledge. Unless you're familiar with
> all the terminology, you won't understand it.
> 
[snip]

Permanent fix which survives relabels.

/usr/sbin/semanage fcontext -a -t dovecot_var_log_t /var/log/dovecot
/sbin/restorecon -v /var/log/dovecot

SELinux documentation has been lacking in the past but Red Hat has hired
someone to write proper documentation for SELinux and it is getting
better every day. In an article on LWN I answered this question[1]. In
addition to this someone also linked the page below which contains quite
a bit of information that this person gathered when learning about
SELinux[2]. If you are willing to take the time to go through some of
his stuff you will realize SELinux really isn't as difficult as people
make it out to be; it's just that it's not what they are used to. You
already know to set one set of permissions on the file when you create
it; you just have to realize there is a type that needs to be set as
well.

[1]http://lwn.net/Articles/290168/
[2]http://equivocation.org/selinux
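
Added example, not part of the original message: a simplified Python model of why a rule added with semanage fcontext survives relabels while a label set only on the file does not. The two base rules and the helper names are constructed for illustration, and the matching logic (longest literal prefix wins) is a simplification of the real file-context lookup.

```python
import re

# Constructed, simplified file-context rules as (path regex, type).
# They stand in for the base policy; real policy ships many more.
BASE_RULES = [
    (r"/.*", "default_t"),
    (r"/var/log(/.*)?", "var_log_t"),
]

def fixed_prefix_len(regex):
    """Length of the literal part before the first regex metacharacter."""
    m = re.search(r"[.^$?*+|\[\](){}\\]", regex)
    return len(regex) if m is None else m.start()

def expected_type(path, rules):
    """Type a relabel would assign. Simplified model: the matching rule
    with the longest literal prefix wins; later rules break ties."""
    best = None
    for order, (regex, setype) in enumerate(rules):
        if re.fullmatch(regex, path):
            key = (fixed_prefix_len(regex), order)
            if best is None or key > best[0]:
                best = (key, setype)
    return best[1] if best else None

def relabel(path, labels, rules):
    """Model of restorecon: reset the label to what the rules say."""
    labels[path] = expected_type(path, rules)
    return labels[path]

def demo():
    path, labels = "/var/log/dovecot", {}
    out = {}
    # Created under /var/log, so the directory inherits the parent's type.
    labels[path] = "var_log_t"
    out["after_mkdir"] = labels[path]
    # Label changed on the file only, then a relabel: the change is lost.
    labels[path] = "dovecot_var_log_t"
    out["manual_then_relabel"] = relabel(path, labels, BASE_RULES)
    # Rule added to the database (the semanage step), then restorecon.
    rules = BASE_RULES + [(r"/var/log/dovecot", "dovecot_var_log_t")]
    out["rule_then_relabel"] = relabel(path, labels, rules)
    # The exact-path rule matches the directory only; a pattern such as
    # /var/log/dovecot(/.*)? would also cover the files inside it.
    out["child_expected"] = expected_type(path + "/mail.log", rules)
    return out

if __name__ == "__main__":
    print(demo())
```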




