SELinux survey (was RE: Stupid F7 boot loop)
Nigel Henry
cave.dnb at tiscali.fr
Fri Aug 31 15:19:50 UTC 2007
On Thursday 30 August 2007 11:20, Rahul Sundaram wrote:
> Andrew Kelly wrote:
> > At any rate, let's assume that SELinux is mature and ripe, that it
> > interferes with nothing and there are no more issues with updates and
> > whatnot. It's landed, and can be deployed without worry.
> > What exactly do I gain by doing it? What have I protected myself from?
>
> If you understand what SELinux is, the gain is immediately obvious. Here
> is a recent article
>
> http://www.redhatmagazine.com/2007/05/04/whats-new-in-selinux-for-red-hat-e
>nterprise-linux-5/
>
> Rahul
Hi Rahul
Thanks for the link to that article above. For the first time when installing
a distro, I'd left Selinux enabled (enforcing) for Fedora 7. There had been
no problems, but today I tried to FTP into it from the other machine with no
success. I ran tail -f /var/log/messages on fedora 7, and tried to FTP in
again from the other machine, and immediately saw it was an Selinux problem.
The article showed setroubleshoot, so I thought I may as well try and fix the
problem, so I fired it up, and it showed how to fix the FTP problem with a
simple: (if I've remembered the command correctly)
setbool -P ftp_user_dir=1
It worked like magic. I hope any other Selinux problems that crop up on Fedora
7 are as easy to fix.
All the best.
Nigel.
More information about the fedora-list
mailing list