-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Trying again ... first got bounced for some reason. - -------- Original Message -------- Subject: Re: SELinux FAQ Date: Tue, 08 Nov 2011 11:10:12 -0800 From: Karsten 'quaid' Wade <kwade@xxxxxxxxxx> Organization: Red Hat To: Steve Kelem <steve@xxxxxxxxx> CC: docs@xxxxxxxxxxxxxxxxx Hi Steve: Looks like a lot of good points below. I'm not aware of the status of the SELinux FAQ; I did think most of that info was moved in to release-specific documentation. (I haven't been a maintainer of that FAQ in a long time.) I'm Cc:ing this to the Fedora Docs team, who manage the depth and breadth of Fedora technical content - definitely the folks to ask. http://lists.fedoraproject.org/mailman/listinfo/docs - - Karsten On 11/08/2011 07:29 AM, Steve Kelem wrote: > Hi. I've been reading the Fedora 13 SELinux FAQ. > > 1. I found the SELinux FAQ under Fedora 13 at > http://docs.fedoraproject.org/en-US/Fedora/13/html/SELinux_FAQ/index.html#id4228000. > > I > was surprised that this document is tied to Fedora 13. With Fedora 15 > about to be replaced by Fedora 16, it seems strange to tie SELinux > to a specific revision of Fedora. 2. Under "What are file > contexts?" it says: "Fedora ships with the |fixfiles| script, > which supports four options: |check|, |relabel|, |relabel| and > |verify|." One of these "relabel" options should be "restore". 3. > Under "How do I make a user public_html directory work under > SELinux?", item #2 says: > > *|ls -Z -d public_html/|* |drwxrwxr-x auser auser > user_u:object_r:user_home_t public_html| *|chcon -R -t > httpd_user_content_t public_html/ ls -Z -d public_html > > This should be:|* *|ls -Z -d public_html/|* |drwxrwxr-x auser > auser user_u:object_r:user_home_t public_html| *|chcon -R -t > httpd_user_content_t public_html/ ls -Z -d public_html/ > > Better yet, you should distinguish what's type v.s. what's > returned by the system:|* > > *|% ls -Z -d public_html/|* |drwxrwxr-x auser auser > user_u:object_r:user_home_t public_html| **|%|***|chcon -R -t > httpd_user_content_t public_html/ |***|%|***|ls -Z -d > public_html/|**||* > > 4. In item 3, it says that there is a "SELinux tab" in > system-config-selinux. My version is (c) 2006 (in Fedora 15!) and > does not have a SELinux tab. It has tabs: Status, Boolean, File > Labeling, User Mapping, SELinux User, Network Port, Policy Module, > and Process Domain. The command described is under the "Boolean" > tab, search for "home directories", and you'll find it. > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iD8DBQFOuvF82ZIOBq0ODEERAvIFAJ9qBaNKCnmPlPnoPmoK7J/x+0j9vgCbBE+o 3FWar8/2+SphFKdP+NSTd2A= =Lao6 -----END PGP SIGNATURE----- -- docs mailing list docs@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/docs
