On Tue, 2011-09-20 at 08:14 -0300, Martín Marqués wrote: > I reinstalled (better hardware) a server and had selinux enabled (was > disabled before), and I starting to see why so many people don't use > selinux. Let's clarify what you've written... You are, now, trying to run a system with SELinux enabled, that was previously running with it disabled. The same files on the drive, just changing the SELinux setting. Is that right? If so, no wonder you're having grief. While SELinux was off, your system was writing files without setting any SELinux contexts. So, those files are just default files. Now that SELinux is on, there's no contexts written in the file attributes that would tell SELinux to allow access, so the default (for safety) action is to disallow it. On the other hand, if the system had been running with SELinux, all the time. Then all those files that were written to the drive would have had the normal SELinux contexts applied to them. So things should simply "just work," barring the occasional error (e.g. someone forgot to make a rule to set the right context; or the software programmer tried to do something less than smart, expecting full access, when they shouldn't be trying that). Or, by re-install, do you mean that the system was installed with SELinux running normally, and you installed your user files in the same manner? Then things should simply just work. Though verbatim copying over user files with (preset) default SELinux contexts would still be a problem. -- [tim@localhost ~]$ uname -r 2.6.27.25-78.2.56.fc9.i686 Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists. -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
