Do you use SELinux
Daniel J Walsh
dwalsh at redhat.com
Mon Jun 11 18:07:36 UTC 2007
Jonathan Underwood wrote:
> On 11/06/07, Daniel J Walsh <dwalsh at redhat.com> wrote:
>> I hope that everyone who is reporting that SELinux broke their machine
>> is reporting the bugs in bugzilla even if they are turning it off.
>> Being good community members. It is difficult to improve the product
>> without getting the bugzillas.
>
> I try as much as I can to do this. But there's quite a lot of
> confusion with F7 - with setroubleshoot, it frequently reports avc
> denials, and tells you to file a bug report. Recently I did that, and
> the bug was closed as NOTABUG and a comment to relabel the file. Left
> me scratching my head, as surely that is a bug with the policy. Or
> another package on the system - either way, the NOTABUG made me think
> that the SElinux maintainers didn't want to hear every setroubleshoot
> report I had, so I stopped reporting them.
>
Well I am one of the SELinux maintainer, and I probably told you it was
not a bug.
If the setroubleshoot tells you to relabel a file/directory try it. If
it works then don't report a bug unless it returns.
Several bugs are caused by doing upgrades and this might leave the file
system mislabeled. Other cases we might not know
what caused the file to be mislabeled, whether it was Human interaction
or an application. So if you do not have information about how it
became mislabeled we can not necessarily figure out what happened.
More information about the fedora-list
mailing list