[Fwd: Wikipidia - Goodbye Red Hat and Fedora]

Dominik 'Rathann' Mierzejewski dominik at greysector.net
Wed Oct 15 10:45:14 UTC 2008


On Wednesday, 15 October 2008 at 00:36, David P. Quigley wrote:
> On Tue, 2008-10-14 at 11:32 +0200, Dominik 'Rathann' Mierzejewski wrote:
> > SELinux is another subject for a good rant. Example: I created /var/log/dovecot,
> > chowned it to dovecot user and configured it to put its logs there. Bang!
> > SELinux denial. There's no easy way to fix it permanently either and SELinux
> > tools documentation is akin to arcane knowledge. Unless you're familiar with
> > all the terminology, you won't understand it.
> > 
> [snip]
> 
> Permanent fix which survives relabels.

And how do you know that? I can't find anything about it in man semanage.

> /usr/sbin/semanage fcontext -a -t dovecot_var_log_t /var/log/dovecot
> /sbin/restorecon -v /var/log/dovecot

You mean there's no generic "allow-owner-to-write-in-their-own-directory"
setting? That's just great. So how do I find out the magic incantation
for another application?

> SELinux documentation has been lacking in the past but Red Hat has hired
> someone to write proper documentation for SELinux and it is getting
> better every day. In an article on LWN I answered this question[1]. In
> addition to this someone also linked the page below which contains quite
> a bit of information that this person gathered when learning about
> SELinux[2]. If you are willing to take the time to go through some of
> his stuff you will realize SELinux really isn't as difficult as people
> make it out to be, it's just that its not what they are use to. You
> already know to set one set of permissions on the file when you create
> it you just have to realize there is a type that needs to be set as
> well.
> 
> [1]http://lwn.net/Articles/290168/
> [2]http://equivocation.org/selinux

Ah. Isn't that obvious? An LWN article and some random website as the canonical
source of SELinux documentation. Of course that's the first place anyone will
look.

At least put it in policycoreutils package docs. There's nothing apart from
manpages there and these are quite uninformative. Or put those articles (or
link to them) on Fedora wiki. Please.

Regards,
R.

-- 
Fedora http://fedoraproject.org/wiki/User:Rathann
RPMFusion http://rpmfusion.org | MPlayer http://mplayerhq.hu
"Faith manages."
        -- Delenn to Lennier in Babylon 5:"Confessions and Lamentations"




More information about the fedora-devel-list mailing list