SELinux Understanding

[Karl Larsen]

    While reading the man selinux I found the part that makes me think 
that this software may not be ready for a desktop user. Here it is:

FILE LABELING
       All files, directories, devices ... have a security context/label 
asso-
       ciated with them.  These context are stored in the extended  
attributes
       of  the  file  system.  Problems with SELinux often arise from 
the file
       system being mislabeled. This can be caused by booting the 
machine with
       a  non  selinux kernel.  If you see an error message containing 
file_t,
       that is usually a good indicator that you have a serious  
problem  with
       file system labeling.

       The  best  way  to  relabel  the file system is to create the 
flag file
       /.autorelabel and reboot.  system-config-securitylevel, also  
has  this
       capability.   The  restorcon/fixfiles  commands  are also 
available for
       relabeling files.

Now I have used some of these ideas today. The list suggested and I did. 
But this stuff is not the kind of thing a person not using Linux in 
business wants to know about.

Using all these fixes need your computer running and up so you can do 
them. But I guess you could come up in a rescue CD and do these commands 
if you remember them.

So why would a desktop user ever want to run SELinux :-)


-- 

	Karl F. Larsen, AKA K5DI
	Linux User
	#450462   http://counter.li.org.