On Wednesday, 15 October 2008 at 00:36, David P. Quigley wrote: > On Tue, 2008-10-14 at 11:32 +0200, Dominik 'Rathann' Mierzejewski wrote: > > SELinux is another subject for a good rant. Example: I created /var/log/dovecot, > > chowned it to dovecot user and configured it to put its logs there. Bang! > > SELinux denial. There's no easy way to fix it permanently either and SELinux > > tools documentation is akin to arcane knowledge. Unless you're familiar with > > all the terminology, you won't understand it. > > > [snip] > > Permanent fix which survives relabels. And how do you know that? I can't find anything about it in man semanage. > /usr/sbin/semanage fcontext -a -t dovecot_var_log_t /var/log/dovecot > /sbin/restorecon -v /var/log/dovecot You mean there's no generic "allow-owner-to-write-in-their-own-directory" setting? That's just great. So how do I find out the magic incantation for another application? > SELinux documentation has been lacking in the past but Red Hat has hired > someone to write proper documentation for SELinux and it is getting > better every day. In an article on LWN I answered this question[1]. In > addition to this someone also linked the page below which contains quite > a bit of information that this person gathered when learning about > SELinux[2]. If you are willing to take the time to go through some of > his stuff you will realize SELinux really isn't as difficult as people > make it out to be, it's just that its not what they are use to. You > already know to set one set of permissions on the file when you create > it you just have to realize there is a type that needs to be set as > well. > > [1]http://lwn.net/Articles/290168/ > [2]http://equivocation.org/selinux Ah. Isn't that obvious? An LWN article and some random website as the canonical source of SELinux documentation. Of course that's the first place anyone will look. At least put it in policycoreutils package docs. There's nothing apart from manpages there and these are quite uninformative. Or put those articles (or link to them) on Fedora wiki. Please. Regards, R. -- Fedora http://fedoraproject.org/wiki/User:Rathann RPMFusion http://rpmfusion.org | MPlayer http://mplayerhq.hu "Faith manages." -- Delenn to Lennier in Babylon 5:"Confessions and Lamentations" -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
