On Wed, 2008-07-09 at 10:58 -0400, Chuck Anderson wrote: > On Wed, Jul 09, 2008 at 09:52:49AM -0500, Callum Lerwick wrote: > > Because booting with selinux enabled after installing onto a > > filesystem such as reiserfs that doesn't work with selinux results in > > epic fail. As in, you can not log in. Though you can get around this > > by booting with selinux=0 on the kernel command line... > > I think reiserfs supports selinux now. Unfortunately not. It did briefly, but then things broke again. reiserfs support has never been a priority for the selinux maintainers, and selinux support was never a priority for the reiserfs maintainers. I believe though that all of the other major filesystems should work with selinux these days (ext[2-4], jfs, xfs, jffs2, gfs2); if not, that's a bug that should be reported. > > Though I haven't done this since something like FC6. I migrated to > > ext3 so I could use selinux. > > > > And while I'm at it, I'll provide a counterpoint and point out that > > I've run all my machines, including my wife's laptop, with selinux > > enabled since FC6. I've never, ever run in to any problem. Ever. I > > don't know what you people are doing, but you must be doing it wrong. > > Not wrong, just out of the norm. If you keep things in the standard > directories and use mostly default configs, you generally don't have > problems. But these days users should be able to address such deviations from the norm by running a couple of semanage commands (or system-config-selinux if they prefer GUIs) and/or creating a local loadable policy module using audit2allow. -- Stephen Smalley National Security Agency -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
