--- Karl Larsen <k5di@xxxxxxxxxx> wrote:
While reading the man selinux I found the part
that makes me think
that this software may not be ready for a desktop
user. Here it is:
FILE LABELING
All files, directories, devices ... have a
security context/label
asso-
ciated with them. These context are stored
in the extended
attributes
of the file system. Problems with SELinux
often arise from
the file
system being mislabeled. This can be caused
by booting the
machine with
a non selinux kernel. If you see an error
message containing
file_t,
that is usually a good indicator that you
have a serious
problem with
file system labeling.
The best way to relabel the file system
is to create the
flag file
/.autorelabel and reboot.
system-config-securitylevel, also
has this
capability. The restorcon/fixfiles
commands are also
available for
relabeling files.
Now I have used some of these ideas today. The list
suggested and I did.
But this stuff is not the kind of thing a person not
using Linux in
business wants to know about.
Using all these fixes need your computer running and
up so you can do
them. But I guess you could come up in a rescue CD
and do these commands
if you remember them.
So why would a desktop user ever want to run SELinux
Because it comes with Fedora whether you like it or
not. You have 3 options, *** this has been stated X
number of times in previous selinux related threads
***
1) run selinux disabled
2) run selinux permissive
3) run selinux targeted.
Option 1 and 2 are what most users that do not like
selinux use in order to continue using Fedora,
For option 3 to work, you need to work cooperatively
and use setroubleshooter and diagnoze and correct
issues with it. Report bugs and use it wisely. It
can be a pain in the glass, but you have to remember
that it is an extra layer of protection, you only have
it there to protect you and not hurt you. IF it
bothers you, run it in disabled mode or permissive
mode.
The issue(s) of Selinux here on the list have been
discussed many times, have you not seen many posts
about it. Why come back to it and create more trouble
for the people on this list?
Understanding Selinux is very hard, do what
setroubleshooter recommends, if it does not work,
complain and join selinux list and ask for help, if
you do not want to help out fix the problems that you
and others might have, just run it disabled and there
you go. There are many things in life that are very
hard to understand, please take more time to reflect
on your actions.
BTW, you are becoming very famous Karl, even on the
Fedora page for PulseAudio the new sound system for
Fedora 8 mentions your name in the
Usage cases/rationale
http://fedoraproject.org/wiki/Releases/FeaturePulseaudio
Unless it is another Karl then I am sorry for
mentioning it :(
If it is indeed you, then enjoy your moment in the
limelight :)
Regards,
Antonio
____________________________________________________________________________________
Pinpoint customers who are looking for what you sell.
http://searchmarketing.yahoo.com/
