Hello Chaps, I'm running SELinux in permissive mode on F8. I was thinking of switching to enforcing mode and took a peek inside /var/log/messages to see what denials SELinux is currently reporting. I was *horrified* - there must be thousands there! Doing "cat /var/log/audit/audit.log" is even worse - it takes about a minute to scroll through! They mainly relate to procmail, clamd and samba but I get many reports of incorrectly labelled files (file_t). I want to tackle these one step at a time and I think the first place to start is with the incorrectly labelled files. I have tried the "touch ./autorelabel; reboot" trick (several times!) but I still get the same errors. As a mater of interest, I have a procmail recipe which writes a copy of every mail I receive to a backup area on my /dev/sda8 partition, mounted as /mnt/backup/ by fstab. (It is an ext3 partition). I have tried doing: "restorecon -v -R /mnt/backup" and even: "fixfiles relabel" on this partition, but I gather this will not work. I think that I must somehow define a policy for this (and probably other) partition(s), but I am unclear as to how to go about this. I am reasonably familiar with Linux generally, but am a complete SELinux virgin (and frankly scared silly of it). I normally turn off SELinux as my first action after installing a distro, but I think it's about time I got to grips with its security benefits. I would be very grateful therefore if someone could hold my hand through this learning process! I have to run this particular box headless and access via ssh so I have to do everything with command-line tools. Thanks in advance... Mark
Attachment:
pgp3vwlpCNGbR.pgp
Description: PGP signature
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
