selinux breaks fish/sftp in konqueror?
Daniel J Walsh
dwalsh at redhat.com
Wed Apr 7 13:38:26 UTC 2004
Harald Hoyer wrote:
> try booting with "selinux=0 enforcing=0" ... this should completly
> disable selinux
>
> Kepa wrote:
>
>> Hi,
>>
>> After I set grub boot for selinux=0, I found myself unable to use fish
>> and sftp from within konqueror (but sftp would work from within a
>> terminal). Even connections to localhost would not work, no error
>> messages given, just hung interminably.
>>
>> After re-labelling the system and setting selinux=1 I can once again use
>> fish/sftp.
>>
>> Now, is there some way I can totally get rid of selinux? Just, gone, no
>> trace, and I hope to never see it again, without re-installing
>> everything?
>>
>> I'm trying to use fc test2 as a desktop, not a server. I realize it is
>> unstable, but I would like to focus on unstable desktop issues, not
>> server-side. Also, it is hard to be sure if it selinux misbehaving or
>> something else.
>>
>> I must of missed the option not to include it in the install program,
>> but I don't remember anything.
>>
>> Not so sure why the inclusion of selinux, anyway. If FC is supposed to
>> be THE linux desktop, then what need is there for excessive security
>> that will confuse newbies? And as I understand it, since FC is now the
>> beta-test platform for redhat, who would use it as a server OS,
>> anyway? I will stick to RH 9 or bsd for serving, but I want to see FC
>> the best
>> linux desktop out there.
>>
>> Thanks,
>>
>> Kepa
>>
>>
>>
>>
SELinux=0 should disable SElinux.
You can verify SELinux is disables by executing a command that looks for
the security context
ls -Z
or by executing
getenforce
If things are not working with selinux=0 in the grub entry. They you
have a non-selinux related problem.
Enforcing=0 turns off enforcing mode of SELinux, but continues to log to
syslog. It actually will give you
more eroneous errors than Enforcing=1, because in enforcing mode a
script might be blocked at the directory
level with a no audit and not try to read the files. In non enforcing
mode it will be allowed to read the directory and
every file it reads will generate a denial message.
Dan
>
>
More information about the fedora-test-list
mailing list