SELinux removed from desktop cd spin?

Daniel J Walsh dwalsh at redhat.com
Thu Jan 17 16:42:34 UTC 2008


Valent Turkovic wrote:
> On Jan 16, 2008 10:13 PM, Dave Airlie <airlied at redhat.com> wrote:
>> On Wed, 2008-01-16 at 16:00 -0500, Alan Cox wrote:
>>> On Wed, Jan 16, 2008 at 08:57:56PM +0100, Valent Turkovic wrote:
>>>> I believe that SELinux is a great linux server security hardening tool
>>>> but that has little use in desktop linux usage and it confuses
>>>> ordinary desktop users.
>>> Desktop users are the people it is most important for.  If it is still confusing
>>> people we need to fix the confusions. Perhaps you can explain more ?
>>>
>>>
>> We made one big mistake with SELinux, selinuxalert or whatever it is
>> called... we haven't learned from the Mac vs Windows ads... we now have
>> an app that puts us squarely into the Windows lack of usefulness camp.
>>
>> "hey user this app is doing something bad. do you want to let it do
>> it?"_t.
> 
> I wish it was that easy. When I installed Fluendo codecs I couldn't play
> my multimedia because SELinux blocked it (nobody tested it, even though
> Fedora 8 advertised Fluendo codec support as one of its new shiny
> features).
> The SELinux troubleshoot tool is still too hard for ordinary desktop users.
> I see the real benefit of the SELinux troubleshoot tool for admins using
> RHEL or Fedora on their servers, but on the desktop I hardly see any point.
> 
> I will bet anybody who wants that Fedora Live CD users will have more
> trouble from using SELinux than benefit. Also that Ubuntu, openSUSE
> and other distros that don't use SELinux won't be in trouble from some
> 0day exploit.
> 
> Valent.
> 
# setsebool -P allow_execmod=1

This will turn off checking for badly coded shared libraries (Fluendo
codecs and others).

Also make sure you are up2date with the latest policy.  Finally make
sure /var/log/ has the right context:

# restorecon -R -v /var/log

logrotate had a bug where it was losing file context.


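Added example (not part of the original message or of Fedora's tooling): allow_execmod applies system-wide, so before setting it, it helps to see which programs and libraries actually trigger execmod denials. The script below summarises them from audit records; the sample records, paths and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: count SELinux execmod denials per program and library.
# The sample records below are constructed, not taken from a real system.

sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1200588154.101:42): avc:  denied  { execmod } for  pid=3021 comm="player" path="/usr/lib/example/libcodec.so" dev=dm-0 ino=1001 scontext=user_u:system_r:unconfined_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
type=AVC msg=audit(1200588160.220:57): avc:  denied  { execmod } for  pid=3044 comm="player" path="/usr/lib/example/libcodec.so" dev=dm-0 ino=1001 scontext=user_u:system_r:unconfined_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
type=AVC msg=audit(1200588171.009:63): avc:  denied  { read execmod } for  pid=3102 comm="viewer" path="/usr/lib/example/libother.so" dev=dm-0 ino=1002 scontext=user_u:system_r:unconfined_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
type=AVC msg=audit(1200588180.500:71): avc:  denied  { getattr } for  pid=2200 comm="logrotate" path="/var/log/messages" dev=dm-0 ino=3003 scontext=system_u:system_r:logrotate_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file
EOF
}

# Reads audit records on stdin and prints "count comm path" for every
# denial whose permission set includes execmod, most frequent first.
execmod_denials() {
    awk '
        # Return the value of a name="value" field on the current record.
        function val(name,   re) {
            re = name "=\"[^\"]*\""
            if (match($0, re))
                return substr($0, RSTART + length(name) + 2,
                              RLENGTH - length(name) - 3)
            return "?"
        }
        # The permission set may hold several names, e.g. { read execmod }.
        /avc:/ && /denied/ && /[{][^}]* execmod [^}]*[}]/ {
            seen[val("comm") " " val("path")]++
        }
        END { for (k in seen) print seen[k], k }
    ' | sort -k1,1nr -k2
}

# Demonstration on the constructed sample. On a live system, feed the audit
# log instead: execmod_denials < /var/log/audit/audit.log
sample_audit_log | execmod_denials
```

A short list of offenders points at the specific libraries responsible, while the unrelated logrotate denial in the sample is ignored because it is not an execmod check.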



More information about the fedora-devel-list mailing list