Re: selinux is a pain

On Tue, 2011-09-20 at 08:14 -0300, Martín Marqués wrote:
> I reinstalled (better hardware) a server and had selinux enabled (was
> disabled before), and I'm starting to see why so many people don't use
> selinux.

Let's clarify what you've written...  You are, now, trying to run a
system with SELinux enabled, that was previously running with it
disabled.  The same files on the drive, just changing the SELinux
setting.  Is that right?

If so, no wonder you're having grief.  While SELinux was off, your
system was writing files without setting any SELinux contexts.  So,
those files are just default files.  Now that SELinux is on, there are no
contexts written in the file attributes that would tell SELinux to allow
access, so the default (for safety) action is to disallow it.

On the other hand, if the system had been running with SELinux all the
time, then all those files that were written to the drive would have
had the normal SELinux contexts applied to them.  So things should
simply "just work," barring the occasional error (e.g. someone forgot to
make a rule to set the right context; or the software programmer tried
to do something less than smart, expecting full access, when they
shouldn't be trying that).

Or, by re-install, do you mean that the system was installed with
SELinux running normally, and you installed your user files in the same
manner?  Then things should simply just work.  Though verbatim copying
over user files with (preset) default SELinux contexts would still be a
problem.

-- 
[tim@localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.



-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
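
Added example, not part of the original message: a read-only audit that walks a directory tree and reports files whose `security.selinux` extended attribute is absent or carries a placeholder type, which is the state the reply describes for files written while SELinux was disabled. The function names and the choice of `file_t`, `unlabeled_t` and `default_t` as placeholder types are assumptions made for this example.

```python
import errno
import os
import sys

XATTR = "security.selinux"  # extended attribute that stores a file's SELinux context
# Assumption: types that indicate no specific label was ever applied.
PLACEHOLDER_TYPES = {"file_t", "unlabeled_t", "default_t"}


def classify(raw):
    """Classify a raw security.selinux value (bytes), or None if absent."""
    if raw is None:
        return "missing"
    # A context reads user:role:type[:range]; the kernel stores it NUL-terminated.
    fields = raw.rstrip(b"\x00").decode("utf-8", "replace").split(":")
    if len(fields) < 3 or not all(fields[:3]):
        return "malformed"
    return "placeholder" if fields[2] in PLACEHOLDER_TYPES else "labeled"


def read_label(path):
    """Return the label for path, or None when the file carries none."""
    try:
        return os.getxattr(path, XATTR, follow_symlinks=False)
    except OSError as exc:
        # ENODATA: attribute not set; ENOTSUP: filesystem has no xattr support.
        if exc.errno in (errno.ENODATA, errno.ENOTSUP):
            return None
        raise


def audit(root, reader=read_label):
    """Walk root and return sorted (path, status) for everything not labeled."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            status = classify(reader(path))
            if status != "labeled":
                findings.append((path, status))
    return sorted(findings)


if __name__ == "__main__":
    for path, status in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{status:12} {path}")
```

The script only reads attributes; it changes no labels.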

