On 03/04/2010 11:52 PM, Chuck Anderson wrote: > On Thu, Mar 04, 2010 at 09:29:14PM -0600, Robert Nichols wrote: >> And, it appears that I have to remember to re-install all local policy >> modules every time there is a policy update, right?? :-(( > > I don't have either of these problems, and I've been using procmail on > (admittedly older) Fedora for years. I think I know what happened to make it appear that the local policy module got dropped. A simple mistake on my part that just happened to occur at the time an update got installed. As for the execute permission problem, you probably aren't executing any user-written scripts from within your home directory. In fact, I know you're not -- SELinux won't allow that. I'm once again finding SELinux to be absolutely hopeless, and I'm barely getting started with the things I want this system to do. Right now I'm trying to set up my mail processing. I do quite a bit of processing on my personal incoming mail. Messages get classified (partly by that awk filter that prompted this thread), and then processed in a variety of ways. Files get decoded and stored where I want them. Processes get started to evaluate incoming data based on information in a local database. That sort of thing. SELinux wants to block all of that. The only alternative I can see is to start a continuously running background process that runs audit2allow on every AVC that shows up in the log and let that continue for a few months, and I probably still won't dare go into enforcing mode for fear that some rare but important event will cause yet another denial and leave me with a mess to clean up. SELinux works well and unobtrusively if you use only the software that comes with your distribution and don't go much beyond clicking on icons in your use of it. My laptop falls into that category. I'm trying to bring up a server right now, where SELinux would actually be useful, but dealing with SELinux there is looking to be way beyond what I can undertake. -- Bob Nichols RNichols42@xxxxxxxxxxx -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
