How best get rid of SELinux?

[Tim]

On Sun, 2007-09-23 at 02:24 -0500, Arthur Pemberton wrote:
> * With setrobuleshoot now runnings, Tim recreates the event. and
> setroubleshoot prints a message to /var/log/message asking Tim to run
> a specific command for information on the SELinux denial, and how to
> fix it.
> * Tim copies and paste the command into a terminal and hits RETURN
> * Tim is given a brief break down on why SELinux denied this
> particular action
> * Tim is also given the exact command necessary to fix the problem
> which he copies and pastes into a terminal and executes
> * Tim attempts http://localhost/test.html again, and it works 

The problem with the troubleshooter, is that it still spews out some
bizarre information that you have to take on faith.  There are a lot of
people who'll be presented with a command to fix the problem, which
they'll do without any due consideration whether that thing should have
been denied.  Just the same as Windows users who just allow everything
the firewall asks them about.

Fair enough if you're trying to webserve a file, it denies it, and you
follow the information.  You know you want to allow that, it's something
that you're in the middle of doing.  But the other warnings it throws up
about the things happening in the background sure leave a lot to be
desired.  You don't know if you're persuing a bug in SELinux, or what
SELinux is warning you about.  It's full of jargon.

-- 
[tim at bigblack ~]$ uname -ipr
2.6.22.5-76.fc7 i686 i386

Using FC 4, 5, 6 & 7, plus CentOS 5.  Today, it's FC7.

Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.