SELinux Understanding
Antonio Olivares
olivares14031 at yahoo.com
Fri Oct 12 21:52:39 UTC 2007
----- Original Message ----
From: Karl Larsen <k5di at zianet.com>
To: For users of Fedora <fedora-list at redhat.com>
Sent: Friday, October 12, 2007 4:31:44 PM
Subject: Re: SELinux Understanding
Antonio Olivares wrote:
> --- Karl Larsen <k5di at zianet.com> wrote:
>
>
>> While reading the man selinux I found the part that makes me think
>> that this software may not be ready for a desktop user. Here it is:
>>
>> FILE LABELING
>> All files, directories, devices ... have a security context/label
>> associated with them. These contexts are stored in the extended
>> attributes of the file system. Problems with SELinux often arise from
>> the file system being mislabeled. This can be caused by booting the
>> machine with a non selinux kernel. If you see an error message
>> containing file_t, that is usually a good indicator that you have a
>> serious problem with file system labeling.
>>
>> The best way to relabel the file system is to create the flag file
>> /.autorelabel and reboot. system-config-securitylevel also has this
>> capability. The restorecon/fixfiles commands are also available for
>> relabeling files.
>>
>> Now I have used some of these ideas today. The list suggested and I did.
>> But this stuff is not the kind of thing a person not using Linux in
>> business wants to know about.
>>
>> Using all these fixes needs your computer running and up so you can do
>> them. But I guess you could come up in a rescue CD and do these commands
>> if you remember them.
>>
>> So why would a desktop user ever want to run SELinux?
>>
>
> Because it comes with Fedora whether you like it or
> not. You have 3 options, *** this has been stated X
> number of times in previous selinux related threads
> ***
>
> 1) run selinux disabled
> 2) run selinux permissive
> 3) run selinux targeted.
>
> Option 1 and 2 are what most users that do not like
> selinux use in order to continue using Fedora.
>
> For option 3 to work, you need to work cooperatively
> and use setroubleshooter and diagnose and correct
> issues with it. Report bugs and use it wisely. It
> can be a pain in the glass, but you have to remember
> that it is an extra layer of protection, you only have
> it there to protect you and not hurt you. If it
> bothers you, run it in disabled mode or permissive
> mode.
>
> The issue(s) of Selinux here on the list have been
> discussed many times, have you not seen many posts
> about it? Why come back to it and create more trouble
> for the people on this list?
>
> Understanding Selinux is very hard, do what
> setroubleshooter recommends, if it does not work,
> complain and join selinux list and ask for help, if
> you do not want to help out fix the problems that you
> and others might have, just run it disabled and there
> you go. There are many things in life that are very
> hard to understand, please take more time to reflect
> on your actions.
>
> BTW, you are becoming very famous Karl, even on the
> Fedora page for PulseAudio the new sound system for
> Fedora 8 mentions your name in the
>
> Usage cases/rationale
>
> http://fedoraproject.org/wiki/Releases/FeaturePulseaudio
>
> Unless it is another Karl then I am sorry for
> mentioning it :(
>
> If it is indeed you, then enjoy your moment in the
> limelight :)
>
> Regards,
>
> Antonio
>
>
>
>
>
No that is another person with the name Karl either first middle or
last. I do all that stuff with VLC.
>
Ok then, selinux has problems with vlc or vice versa:
https://www.redhat.com/archives/fedora-selinux-list/2007-October/msg00043.html
Something about a heap. What is a heap?
Mr. Walsh answered me with
https://www.redhat.com/archives/fedora-selinux-list/2007-October/msg00044.html
but I do not know/have the knowledge of a heap. Mplayer and xine do not complain, but why vlc which is the first time I have it on the linux side. Vlc does not compile from source, xine does not compile from source, only mplayer does and there is a new version out an rc2 version.
This is the summary of the complaint:
Summary
SELinux is preventing /usr/bin/vlc from changing
the access protection of memory on the heap
However, Mr Nicolas (kwizart) has answered the following.
https://www.redhat.com/archives/fedora-selinux-list/2007-October/msg00045.html
--
Karl F. Larsen, AKA K5DI
Linux User
#450462 http://counter.li.org.
--
Regards,
Antonio
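
An added example, not part of the original thread or of any Fedora tool: a small Python triage of AVC denial lines that separates the two cases mentioned above, a target labeled file_t (the man page's mislabeling indicator) and the heap memory-protection denial reported for vlc. The log lines are constructed samples, and mapping the vlc summary to the `execheap` permission is an assumption based on standard SELinux policy, not something the post states.

```python
import re

# Constructed sample audit records (not from the thread); real ones appear in
# /var/log/audit/audit.log, or /var/log/messages when auditd is not running.
SAMPLE_LOG = """\
type=AVC msg=audit(1192225959.101:41): avc:  denied  { execheap } for  pid=3021 comm="vlc" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
type=AVC msg=audit(1192225960.202:42): avc:  denied  { read } for  pid=2210 comm="httpd" name="index.html" dev=sda1 ino=98231 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file
type=AVC msg=audit(1192225961.303:43): avc:  denied  { getattr } for  pid=2210 comm="httpd" path="/home/user/notes.txt" dev=sda1 ino=77 scontext=system_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1192225961.303:43): arch=40000003 syscall=195 success=no exit=-13
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?'
    r'comm="(?P<comm>[^"]+)".*?'
    r'scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)'
)

def context_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else ""

def triage(line):
    """Classify one log line; returns None for anything that is not an AVC denial."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    perms = m.group("perms").split()
    ttype = context_type(m.group("tcontext"))
    if ttype == "file_t":
        kind = "mislabeled-filesystem"   # man page: relabel via /.autorelabel, restorecon or fixfiles
    elif m.group("tclass") == "process" and "execheap" in perms:
        kind = "heap-memory-protection"  # assumed match for the vlc summary quoted in the thread
    else:
        kind = "other-denial"
    return {"comm": m.group("comm"), "perms": perms, "target_type": ttype, "kind": kind}

def triage_log(text):
    """Triage every AVC denial found in a block of log text."""
    return [r for r in (triage(l) for l in text.splitlines()) if r is not None]

if __name__ == "__main__":
    for rec in triage_log(SAMPLE_LOG):
        print(f'{rec["comm"]:8} {",".join(rec["perms"]):10} {rec["target_type"]:14} {rec["kind"]}')
```
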