On Wed, 2008-01-09 at 08:33 +0900, Marc Wiriadisastra wrote: > > Marc Wiriadisastra wrote: > >> <snip> > >> > >>> The best standard for this, which we declare for other guides, is to do > >>> a completely default installation of Fedora and work from that. The > >>> default SELinux mode is Enforcing the targeted policy. I find it > >>> useful > >>> to do testing in a VM since it means I don't have to monkey with my > >>> actual system configuration -- and in any case that would be a bad idea > >>> since it's sometimes difficult to predict how the changes one has > >>> already made would affect testing results. > >>> > >> > >> What do you use as a VM. I tried VMWare and I don't really like it I'm > >> not to sure what else is out there. Also are there any docs to install > >> the VM if you use a different kind? > >> > >> Cheers, > >> > >> Marc > >> > >> > > As just a user when I got to F7 I was Attacked by SElinux :-) > > I wrote to the Fedora list my problems and found I was not alone. A > > whole lot of F7 users deleted SElinux. Then on to F8 and I decided to > > try it again and set it up full power and have had zero problems :-P > > > > It is there to protect from bad things but never do I see or hear > > from it. I think the developers got it right. > > > > Karl > > > > > I definitely agree with you there. The challenges show up when you try to > create a samba share in your home directory, try to create a home > public_html directory and a few other bits and pieces. > > The main gripe's can be fixed with the programs built into Fedora. I > still get SELinux popping up for Java and a few other programs but thats > because of text/fonts and also with flash (online games for my son) > > I do think however that it is a brilliant set up and a lot of the times a > touch /.autorelabel or whatever it is fixes it. Other options are > restorecon -r -v /directory fixes it. I started using SELinux in FC3 (FC2?), retreated to "disabled" for the rest of that release, and then for FC4 (FC3?) I just decided to man up and face it, since all the reading I did made it seem completely amazing and far superior deseign to AppArmor. (Not to mention which there was a good chance I'd run into it again in the public sector.) In F7 and F8 it has been remarkably good, and the setroubleshoot/sealert tools have helped me better understand how it works. (Plus Karsten's FAQ, thanks man.) :-) The booleans make it very tunable and there's almost no problem I haven't been able to lick using some diagnostic skills, common sense, and a turn or two around Google. -- Paul W. Frields, RHCE http://paul.frields.org/ gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717 Fedora Project: http://pfrields.fedorapeople.org/ irc.freenode.net: stickster @ #fedora-docs, #fedora-devel, #fredlug
Attachment:
signature.asc
Description: This is a digitally signed message part
-- fedora-docs-list mailing list fedora-docs-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-docs-list
