Do you use SELinux

Gene Heskett gene.heskett at verizon.net
Sat Jun 9 15:37:33 UTC 2007 

On Saturday 09 June 2007, Dotan Cohen wrote:
>On 07/06/07, Matthew J. Roth <mroth at imminc.com> wrote:
>> There was recently an article about SELinux on Slashdot.  The comments
>> contain some useful ideas, including enabling SELinux in permissive
>> mode.  In permissive mode, security violations are logged but not
>> enforced.  This allows you to configure SELinux for your system prior to
>> setting it to enforcing mode, which is a good alternative to simply
>> disabling it as soon as it causes a problem.
>
>This is exactly how I do it. Permissive, to learn and to test, but not
>to interrupt.
>
>Dotan Cohen
>
>http://lyricslist.com/
>http://what-is-what.com/

If that is indeed what it did, that would be fine.  But it just bit me again, 
wasting 4 days of constant twiddling with my lappy and its F7 install.  I had 
it running on my freshly installed F7 on my lappy, in the permissive mode, 
but until I added the selinux=0 line to grub.conf, it still disabled the 
broadcom 4318 radio's ability to transmit.  I spent 4 days studying logs and 
playing the 10,000 monkeys scene with config files and a pocket sniffer 
without ever seeing a peep from that lappy show up.  With or without 
ndiswrapper.  And with _nothing_ in the logs that indicated selinux was 
blocking it.  IIRC there was one line from audit that didn't make any sense 
in the context of the disabled radio (transmit only, rx worked great) problem 
I was having. I added that option to grub.conf and rebooted and its been 
working ever since, but now I have it at least using WEP security.  Which I 
understand isn't, but hey, this IS West Virginia & I know all the neighbors 
my sniffer can see, on a first name, drink a beer with them basis.

So, to Stephan Smalley at the NSA, one more time your baby is turned off and 
it will stay that way till the next install.  I'm tired of that POS lying to 
me.  Life, mine at least since I'm already 72, is too damned short to put up 
with sneaky, underhanded, lying pieces of crap labeled "security", software.

Permissive, in your own dictionary, is supposed to mean that it doesn't do 
anything but log dummy messages in the logs when it doesn't like something.  
MAKE IT SO!

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
I am an optimist.  It does not seem too much use being anything else.
		-- Winston Churchill

More information about the fedora-list mailing list