
Re: SELinux last straw

>     I am pleased your many computers were not affected by the selinux
> update. I have no idea what is special about my computer but it is and
> I, just an old EE am not capable of figuring out what it is so I can run
> selinux. A sure fix EVERY time is to turn off selinux, relabel selinux
> and forget selinux. I am wondering why I have to relabel the stupid thing.
>         Karl F. Larsen, AKA K5DI

Your lack of knowledge of SELinux prevents you from answering your own
questions (i.e. "I am wondering why I have to relabel the stupid
thing.").  That same lack of knowledge should prevent you from
asserting as fact that SELinux is responsible for all your woes (which
is very different than if you posted that you suspect SELinux -
whether through misconfiguration or otherwise - may be playing a role
in your woes based on A, B, and C).  Lamar hopefully provided you with
a solid example (I'm guessing, it's not my area of expertise but I
gather EE is his and yours) closer to home as to why you should
refrain from concluding as fact the cause of your woes.  Jonathan made
an equally important point that your system was compromised not that
long ago but as best as we know from what you've told us you did not
wipe and re-install.  You cleaned up what you thought needed to be
cleaned up thus not knowing with 100% certainty that your box is no
longer owned by someone else.  And not knowing with 100% certainty
that your woes aren't potentially the result of some configuration
changes made by the hacker in an attempt to keep a few doors/windows
open to your system in the event you closed and locked a few of them.

If something happened that required SELinux to relabel, from what I
understand from reading the posts on this issue (I run it in
permissive mode due to lack of time to get to know it well enough to
configure it properly - not mission critical system hence not a
priority at this point in time), then that would explain a longer boot
time during this relabeling process.

If you don't properly understand SELinux (which you appear to admit
that you do not which makes you part of the larger percentage of users
so no shame there) and you don't feel you need it and are frustrated
by the bumps in the road "apparently" being caused by it then do
yourself a favour (ultimately doing this list a favour) and stick to
your guns and keep it disabled.  And please refrain from replying to
future postings on SELinux.  Leave that for the ones who are using it
and understand it sufficiently well to answer such postings accurately
and with authority.

I leave you with this analogy...
You have a pedal bike with a loose chain.  You end up with a flat on
the rear tire.  You remove the tire and replace the tube then replace
the tire ensuring the chain is not loose.  You don't get any more flat
tires.  You conclude "a loose chain causes a flat tire".  But in
reality the chain was loose because the nuts on the rear tire were
loose because someone tried to steal your tire but was interrupted -
thus causing the tire to slip forward slightly.  This caused the tire
to rub against a screw that was protruding (which was there to hold
the new aftermarket fender you installed on the rear tire so you
wouldn't get mud splattered on your back when riding the trails).
This ultimately led to a flat tire.  You repair the tire and replace
it, tightening the chain in the process by pulling the rear tire back
to its proper position.  Unknown to you the screw no longer rubs
against the tire and the nuts are now tight thus the tire won't slip
forward so no more flat tires.  You conclude that a loose chain is
what caused your flat tire.  Next time someone complains of a flat
tire you tell them it MUST be because of a loose chain.

See the problem with that conclusion?  The same applies to your
SELinux conclusions.  Unless you know everything that is happening
behind the scenes, and unless you are dealing with a reproducible
error, it is difficult to conclude with the degree of certainty that
you've demonstrated that SELinux is responsible for your problems.

Jacques B.
