Request to re-add option to disable SELinux - compromise

Ralf Corsepius rc040203 at freenet.de
Wed Jul 9 14:23:34 UTC 2008


On Wed, 2008-07-09 at 09:57 -0400, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Ralf Corsepius wrote:
> | On Wed, 2008-07-09 at 11:58 +0200, Nils Philippsen wrote:
> |
> |> One question nobody has been able to answer to my satisfaction yet: Why
> |> would it be essential that SELinux can be disabled from the installer
> |> vs. from the installed system?
> | One point: Once SELinux had been active, it can cause problems, despite
> | having been disabled afterwards:
> | Cf.: https://bugzilla.redhat.com/show_bug.cgi?id=453365
> |
> | Ralf
> |
> |
> This is a bug in code, and I am not sure this would not have happened if
> SELinux was disabled in the first place.

Neither am I. 

My point is: the kernel/filesystem side of SELinux apparently is not
entirely transparent to applications and may disturb "arbitrary, known
to work" applications, even if SELinux is off.

In my case, I repeatedly had SELinux active on the machine exposing the
issue from the BZ, and had encountered the broken "patch" after having
switched SELinux off.

Having a look into the patch, which seems to have fixed "patch", I am
inclined to think the actual cause for this breakdown is inside of the
kernel or the filesystem.

Ralf




