SELinux Understanding

Daniel J Walsh dwalsh at redhat.com
Mon Oct 15 14:33:50 UTC 2007


Karl Larsen wrote:
> Thomas Cameron wrote:
>> On Sat, 2007-10-13 at 05:38 -0600, Karl Larsen wrote:
>>
>>  
>>>> That's called coincidence, not proof.
>>>>
>>>>         
>>>     I think you're trying to protect SELinux. I don't know why.
>>>     
>>
>> No, it's pointing out the obvious.  The issue you had was NOT - repeat
>> NOT - an issue with SELinux.
>>
>> A lot of people a lot smarter than you have said so, you bring NO proof
>> to the list, just supposition based on coincidence.
>>
>> I've tried to be polite to you out of respect to my elders, but you are
>> just full of shit and won't listen to folks who know a bunch more than
>> you do.
>>
>> Get this through your head:  Your issues are NOT due to SELinux.  I
>> don't know what you did, but you are the kind of user that sysadmins
>> HATE because you go in and jack up your system and then blame the system
>> or the admin.
>>
>> Listen to those who know more than you do, OK?
>>
>> Thomas
>>
>>   
>    Listen you fat head jerk! You brought nothing but your gut feeling
> that SELinux can't be the cause period.
> 
>    Well you're almost right. But you have no idea why. You do not know why
> you're right. Or what that means. I will not turn SELinux back on until a
> Bug is fixed in F7 8-)
> 
Karl,

When you turned on SELinux the AVCs were being logged to
/var/log/audit/audit.log.  This is where setroubleshoot and other tools
grab the AVC messages.

When you go from disabled to enabled, the entire system needs to be
relabeled.  This can take a long time to happen since the entire file
system is walked.   After relabeling your system should work properly.

I would make sure that you have updated to the latest policy for Fedora
7, and if you are running something like NIS you might need to turn on
certain SELinux booleans.

setsebool -P allow_ypbind 1

Which will allow your system to use NIS.

The bugs/AVCs you reported earlier do not look like SELinux was going
nuts.

It is also feasible that you are running a file system (reiser?) that
SELinux does not support.  Or there is some problem that the adding of file
context to your machine triggered.

I have not heard of SELinux in permissive mode causing the types of
problems that you say occurred on your machine.

Dan
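
Added example, not part of the original message and not code from setroubleshoot: a small Python parser that groups AVC denials of the kind logged to /var/log/audit/audit.log and flags targets that carry no label, which points to a relabel that has not finished. The sample lines are constructed, the function names are hypothetical, and treating file_t/unlabeled_t as "never labeled" is an assumption about the policy in use.

```python
import re
from collections import Counter

# Constructed sample lines in the audit.log AVC format (not taken from the thread).
SAMPLE_LOG = """\
type=AVC msg=audit(1192458830.101:41): avc:  denied  { name_bind } for  pid=1812 comm="ypbind" src=834 scontext=system_u:system_r:ypbind_t:s0 tcontext=system_u:object_r:reserved_port_t:s0 tclass=udp_socket
type=AVC msg=audit(1192458831.207:42): avc:  denied  { read } for  pid=2050 comm="httpd" name="index.html" dev=dm-0 ino=98311 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file
type=AVC msg=audit(1192458832.330:43): avc:  denied  { read } for  pid=2051 comm="httpd" name="index.html" dev=dm-0 ino=98311 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file
type=SYSCALL msg=audit(1192458832.330:43): arch=40000003 syscall=5 success=no exit=-13 comm="httpd"
"""

AVC_RE = re.compile(
    r'^type=AVC msg=audit\([\d.]+:\d+\): avc:\s+denied\s+'
    r'\{ (?P<perms>[^}]+) \} for\s+(?P<fields>.*)$')

# Assumption: these target types mean the object never received a real label.
UNLABELED_TYPES = {"file_t", "unlabeled_t"}

def parse_avc(line):
    """Return (comm, source_type, target_type, tclass, perms) or None."""
    m = AVC_RE.match(line.strip())
    if not m:
        return None  # SYSCALL, PATH and other record types are skipped
    fields = dict(kv.split("=", 1) for kv in m.group("fields").split() if "=" in kv)
    try:
        # A context is user:role:type[:level]; the type is the third field.
        stype = fields["scontext"].split(":")[2]
        ttype = fields["tcontext"].split(":")[2]
        tclass = fields["tclass"]
    except (KeyError, IndexError):
        return None  # truncated or malformed record
    comm = fields.get("comm", "?").strip('"')
    return (comm, stype, ttype, tclass, tuple(sorted(m.group("perms").split())))

def summarize(log_text):
    """Count identical denials so repeated AVCs collapse into one row."""
    parsed = (parse_avc(line) for line in log_text.splitlines())
    return Counter(p for p in parsed if p is not None)

def needs_relabel(summary):
    """Denials whose target has no label: relabel before blaming policy."""
    return sorted(k for k in summary if k[2] in UNLABELED_TYPES)

if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for key, count in summary.most_common():
        print(count, key)
    print("relabel candidates:", needs_relabel(summary))
```
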
