Fedora Core 4

Sean Middleditch elanthis at awesomeplay.com
Mon Jan 17 14:56:34 UTC 2005 

On Mon, 2005-01-17 at 08:44 -0600, Chris Adams wrote:
> Once upon a time, Sean Middleditch <elanthis at awesomeplay.com> said:
> > That doesn't make much sense - there is no good reason at all for a user
> > to need to muck around with SELinux to perform basic file sharing, and
> > general administration tasks are going to need more than simply setting
> > contexts in Nautilus.
> 
> Setting up CGI scripts to run under Apache is a fairly common task for
> webservers and requires setting the file context if scripts are not in
> cgi-bin (allowing *.cgi and/or *.pl to be CGI scripts is fairly common).

Understood - but there's absolutely no reason for Nautilus to be able to
do that.  It's an admin task, let admin tools (i.e., the shell) do it.

> 
> > Besides, changing them in Nautilus *WILL* break the system, because the
> > second a package upgrade for selinux policies comes in and restorecon is
> > run all of their customized settings will be erased.
> 
> Does that reset every context on the system, including on non-RPM files?
> If so, that's going to be highly confusing to both users and system
> administrators.  What is the point of even having the chcon command if
> everything will be reset to some config file contents at arbitrary
> times?  Just load the config file into the kernel and use it directly.

I never said SELinux is easy to configure.  I just stated how it works.
It's actually essential that restorecon resets all files, according to
the SELinux experts I last spoke with, since that means that an "SELinux
security expert" (i.e. a relatively small handful of SELinux developers)
can look in one place to check the available flow of information and
privileges in the system; if you could change individual files then
you'd really have no way to know what files had what contexts without
expensive whole-system searches.  (Granted, I think then that the file-
systems people use should be "fixed" to make it not-so-expensive and to
get rid of duality and complexity in SELinux configuration, but that's
of course not technically feasible for Red Hat to pull off in FC4.)

More information about the fedora-devel-list mailing list