FC6 SELinux issues
Gene Czarcinski
gene at czarc.net
Thu Oct 5 18:51:28 UTC 2006
On Thursday 05 October 2006 10:29, Daniel J Walsh wrote:
> MLS Policy is a server only policy. IE We don not support X-Windows.
> So if you want to change to MLS you need to remove all X-Windows
> software and relabel. Then it should work, but you need to understand
> how an MLS environment works.
OK, I can understand that. However, the release notes (or some other release
documentation) should point this out. Given this situation and vmware, I
will create some server-only guests to try things out.
>
> Strict policy is not heavily tested in Fedora. Most people run
> targeted. We will look at any problems that you have with it, though.
Ditto on documentation. When I first tried SELinux in FC2, "strict" was it
but everything more or less worked.
At this point, I have no idea as to the kernel panic cause on the Dell 350 and
may not be able to address that given other circumstances. However, I did
notice that a number of services did have startup and/or shutdown
problems ... this occurred on both strict and mls although at this point I do
not know if they are the same services.
>
> There is not that much difference between strict and targeted policy at
> this point on the system space side and I want to work on adding
> Userspace confinement via targeted policy and booleans in the future.
> So people can begin to confine userspace if they so choose.
Given the same services, some do not work properly under strict but function
just fine under targeted.
--
Gene
More information about the fedora-selinux-list
mailing list