FC2T2: 2 questions

[Alexander Volovics]

On Wed, Mar 31, 2004 at 03:04:50PM +0200, Leonard den Ottolander wrote:
 
> > - I configured SElinux as 'permissive' during install in the hope
> >   that everything would work as in previous versions of RH/Fedora
> >   and I would just get warnings if things had changed.
> >   But, for example, I could not start the 'system-config-*' apps
> >   from the menu and had to run them as root in a terminal.
> >   Changing SElinux to 'disabled' fixed this.
> >   Is this a deliberate policy configuration or a bug?
 
> What does your system log tell you about this? Any selinux warnings?

If the numerous 'audit: avc: denied' entries are selinus warnings, yes.
I have whole colonies, for example:
kernel: audit(1080722514.102:0): avc:  denied  { search } for  pid=1842 exe=/bin/su name=root dev=hda2 ino=294913 scontext=user_u:user_r:user_su_t tcontext=root:object_r:staff_home_dir_t tclass=dir

I don't have the energy to delve into this mess in any detail.
I have skimmed all the selinux faq's and intro's but non of them
has a really clear and systematic overview of selinux and it's usefulness
for a home pc connected to the internet, a systematic overview of
the config files, what should be configured and to what purpose.

Alexander