On Friday 26 March 2004 02:43, Richard Hally wrote:
> In reply to Gene C. on this list (his posting is on my other box),
> This message is being sent from Mozilla running on the current
> /development tree (at runlevel 5) in "enforcing mode". Below are the
> three avc denied messages from when I booted in enforcing mode.
> This is with the "as provided" policy with one change in the "users"
> file to add my username as an "admin".
> Once you have installed the policy and policy-sources and done
> "make reload" in /etc/security/selinux/src/policy you must also do
> "make relabel" (it can take a while) to label all the files correctly.

OK, now we are cooking.

1. I found that there are RELEASE-NOTES under development/i386 (I am using development/x86_64). This provides much of the info I was lacking.

2. Your info above was just great. After doing "make reload" and "make relabel", most of the error messages disappeared and most services started ... also gdm now works.

Now I can start playing with things to see how they work.

A comment: I had done a fresh nfs everything install using a development snapshot which is fairly current (Tuesday 24 March). I believe that things should have worked the way they do now without my needing to run "make reload" (and possibly "make relabel"). I did originally come up in permissive mode so maybe that was my problem and everything would have worked if I came up in enforcing mode from the start ... I don't know. I am going to play with this a bit more to see if I can just install and come up with nothing extra being done (except disabling kudzu until that problem is fixed).

Thanks to all who provided info. I can already see that the selinux functionality as being delivered in FC2 is just a start ... there will need to be lots of experimenting to see just what to lock down to make this a more secure environment.

Gene