-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I don't disagree with Steve, but I don't have any cycles to work on the problem. Perhaps someone from Docs wants to reach out to Steve to see how to collaborate and make things better. - - Karsten On 11/09/2011 05:09 PM, Steve Kelem wrote: > If that stuff on the Fedora 13 site is no longer valid, it would > be useful to all of us who search the web for useful info to be > directed to the place with the latest information. Is there any > chance that whoever maintains the page that I found be told where > the latest stuff is and then add a pointer to the latest stuff? > > When I upgraded to Fedora 15, a bunch of stuff stopped working. I > only stumbled across a bunch of SElinux errors in a tool that > suggests how to fix the problem but relies on the user being > intimate with SElinux. I couldn't find any explanation or even a > definition of what these 20 or so "labels" are, so I don't know > what I'm going to break if I guess at what labels to use! I'm not > a novice. I worked with Unix (yeah, the original Unix) in the > 1980's. I have a Ph.D. in Computer Science and my former wife > worked in formal security and was always talking about MAC and DAC > access. So I at least know what the terminology is and why it's a > good thing. This SElinux stuff looks like a good thing, but I've > found very little info on how to use it, how to understand it, or > how to fix the problems as my system seems to be upgraded > automatically to use it. I'm hoping I can encourage people to put > out some good documentation so that it will catch on and be used. > > Sincerely, Steve Kelem > > Karsten 'quaid' Wade said the following on 11/08/2011 11:10 AM: >> Hi Steve: >> >> Looks like a lot of good points below. I'm not aware of the >> status of the SELinux FAQ; I did think most of that info was >> moved in to release-specific documentation. (I haven't been a >> maintainer of that FAQ in a long time.) >> >> I'm Cc:ing this to the Fedora Docs team, who manage the depth and >> breadth of Fedora technical content - definitely the folks to >> ask. >> >> http://lists.fedoraproject.org/mailman/listinfo/docs >> >> - Karsten >> >> On 11/08/2011 07:29 AM, Steve Kelem wrote: >>> Hi. I've been reading the Fedora 13 SELinux FAQ. >> >>> 1. I found the SELinux FAQ under Fedora 13 at >>> > http://docs.fedoraproject.org/en-US/Fedora/13/html/SELinux_FAQ/index.html#id4228000. >> >> >> > I > was surprised that this document is tied to Fedora 13. With Fedora 15 >>> about to be replaced by Fedora 16, it seems strange to tie >>> SELinux to a specific revision of Fedora. 2. Under "What are >>> file contexts?" it says: "Fedora ships with the |fixfiles| >>> script, which supports four options: |check|, |relabel|, >>> |relabel| and |verify|." One of these "relabel" options should >>> be "restore". 3. Under "How do I make a user public_html >>> directory work under SELinux?", item #2 says: >> >>> *|ls -Z -d public_html/|* |drwxrwxr-x auser auser >>> user_u:object_r:user_home_t public_html| *|chcon -R -t >>> httpd_user_content_t public_html/ ls -Z -d public_html >> >>> This should be:|* *|ls -Z -d public_html/|* |drwxrwxr-x auser >>> auser user_u:object_r:user_home_t public_html| *|chcon -R -t >>> httpd_user_content_t public_html/ ls -Z -d public_html/ >> >>> Better yet, you should distinguish what's type v.s. what's >>> returned by the system:|* >> >>> *|% ls -Z -d public_html/|* |drwxrwxr-x auser auser >>> user_u:object_r:user_home_t public_html| **|%|***|chcon -R -t >>> httpd_user_content_t public_html/ |***|%|***|ls -Z -d >>> public_html/|**||* >> >>> 4. In item 3, it says that there is a "SELinux tab" in >>> system-config-selinux. My version is (c) 2006 (in Fedora 15!) >>> and does not have a SELinux tab. It has tabs: Status, Boolean, >>> File Labeling, User Mapping, SELinux User, Network Port, >>> Policy Module, and Process Domain. The command described is >>> under the "Boolean" tab, search for "home directories", and >>> you'll find it. >> >> >> > - -- name: Karsten 'quaid' Wade, Sr. Community Architect team: Red Hat Community Architecture & Leadership uri: http://communityleadershipteam.org http://TheOpenSourceWay.org gpg: AD0E0C41 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iD8DBQFOwcVb2ZIOBq0ODEERAmeYAKDCGwJkFiO3Hnjs5gLlw1Al33ETNQCfZ5yB 74VjFgJnKoahegeNRAl7TVc= =Cry7 -----END PGP SIGNATURE----- -- docs mailing list docs@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/docs
