Re: fedup and selinux

On 12/24/2013 10:27 AM, Marko Vojinovic issued this missive:
> On Tue, 24 Dec 2013 09:48:38 -0800
> Rick Stevens <ricks@xxxxxxxxxxxxxx> wrote:
>> I've said this before and I'll say it again...permissive mode does NOT
>> allow ALL access (permissive != disabled, despite what others may
>> say). If you see selinux deny messages, it's still being denied. I've
>> seen this bite people a number of times.
>
> Care to give a F18/19/20-working example of this?
>
> IOW, provide a sequence of steps on a clean Fedora install that works
> with selinux disabled, while it fails with selinux in permissive mode?

I don't have examples at hand, but I have seen FTP-related stuff, some
upgrades and some other network-related things fail when SELinux is in
permissive mode and work just fine when it's disabled. I never bothered
tracking specifically what they are--it's just when they poop out, I've
disabled SELinux, redone it and it's worked fine. I have then put it
back in permissive mode, looked at the denial messages and put in local
rules to cover them and gone to "targeted" mode.

Permissive does allow most actions, but there are some things it still
denies. I guess "permissive" should be taken literally, like "we're
relaxing most of the rules, but there are some we are going to enforce
as long as we're in charge."

As I said, I don't have examples but the OP on this thread ran into the
same thing I've hit in the past. He went from permissive to disabled and
it worked. I'm just saying that permissive is not the same thing as
disabled.
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital    ricks@xxxxxxxxxxxxxx -
- AIM/Skype: therps2        ICQ: 22643734            Yahoo: origrps2 -
-                                                                    -
-         Microsoft Windows:  Proof that P.T. Barnum was right       -
----------------------------------------------------------------------
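
An added example, not part of the original message: one way to check whether a logged "denied" actually blocked the operation is to pair each AVC record with the SYSCALL record carrying the same audit event serial and read its success field. The log lines below are constructed, the function names are hypothetical, and the emitted rule strings only mimic audit2allow's output as candidates for review.

```python
import re

# Constructed audit.log records (not from the thread); the serial after ':' ties records of one event.
SAMPLE_LOG = """\
type=AVC msg=audit(1387908518.105:412): avc:  denied  { read write } for  pid=2101 comm="vsftpd" name="upload" dev="sda3" ino=1311 scontext=system_u:system_r:ftpd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=SYSCALL msg=audit(1387908518.105:412): arch=c000003e syscall=2 success=yes exit=3 a0=7f1c a1=90800 items=0 ppid=1 pid=2101 comm="vsftpd" exe="/usr/sbin/vsftpd"
type=AVC msg=audit(1387908530.220:419): avc:  denied  { name_connect } for  pid=2150 comm="httpd" dest=5432 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1387908530.220:419): arch=c000003e syscall=42 success=no exit=-13 a0=b a1=7ffd items=0 ppid=2140 pid=2150 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1387908544.007:431): avc:  denied  { getattr } for  pid=2300 comm="rsync" path="/srv/data" dev="sda3" ino=77 scontext=system_u:system_r:rsync_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
"""

EVENT_RE = re.compile(r'^type=(\w+) msg=audit\(\d+\.\d+:(\d+)\):\s*(.*)$')
AVC_RE = re.compile(r'avc:\s+denied\s+\{([^}]*)\}.*?comm="([^"]+)".*?'
                    r'scontext=(\S+)\s+tcontext=(\S+)\s+tclass=(\S+)')
SUCCESS_RE = re.compile(r'\bsuccess=(yes|no)\b')

def selinux_type(context):
    """Return the type field of a user:role:type:level context."""
    return context.split(":")[2]

def summarize_denials(log_text):
    """Pair each AVC denial with its SYSCALL record and report the real outcome."""
    denials, outcomes = [], {}
    for line in log_text.splitlines():
        m = EVENT_RE.match(line)
        if not m:
            continue
        rec_type, serial, body = m.groups()
        if rec_type == "SYSCALL":
            s = SUCCESS_RE.search(body)
            if s:
                outcomes[serial] = "succeeded" if s.group(1) == "yes" else "failed"
        elif rec_type == "AVC":
            a = AVC_RE.search(body)
            if a:
                perms, comm, sctx, tctx, tclass = a.groups()
                denials.append({"serial": serial, "comm": comm,
                                "rule": "allow %s %s:%s { %s };" % (
                                    selinux_type(sctx), selinux_type(tctx),
                                    tclass, " ".join(sorted(perms.split())))})
    for d in denials:
        # No SYSCALL record (syscall auditing off): the log alone cannot tell.
        d["outcome"] = outcomes.get(d["serial"], "unknown")
    return denials

if __name__ == "__main__":
    for d in summarize_denials(SAMPLE_LOG):
        print(d["serial"], d["comm"], d["outcome"], d["rule"])
```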