SELinux Understanding

Karl Larsen k5di at zianet.com
Mon Oct 15 15:02:47 UTC 2007


Daniel J Walsh wrote:
> Karl Larsen wrote:
>   
>> Thomas Cameron wrote:
>>     
>>> On Sat, 2007-10-13 at 05:38 -0600, Karl Larsen wrote:
>>>
>>>  
>>>       
>>>>> That's called coincidence, not proof.
>>>>>
>>>>>         
>>>>>           
>>>>     I think you're trying to protect SELinux. I don't know why.
>>>>     
>>>>         
>>> No, it's pointing out the obvious.  The issue you had was NOT - repeat
>>> NOT - an issue with SELinux.
>>>
>>> A lot of people a lot smarter than you have said so, you bring NO proof
>>> to the list, just supposition based on coincidence.
>>>
>>> I've tried to be polite to you out of respect to my elders, but you are
>>> just full of shit and won't listen to folks who know a bunch more than
>>> you do.
>>>
>>> Get this through your head:  Your issues are NOT due to SELinux.  I
>>> don't know what you did, but you are the kind of user that sysadmins
>>> HATE because you go in and jack up your system and then blame the system
>>> or the admin.
>>>
>>> Listen to those who know more than you do, OK?
>>>
>>> Thomas
>>>
>>>   
>>>       
>>    Listen you fat head jerk! You brought nothing but your gut feeling
>> that SELinux can't be the cause period.
>>
>>    Well you're almost right. But you have no idea why. You do not know why
>> you're right. Or what that means. I will not turn SELinux back on until a
>> Bug is fixed in F7 8-)
>>
> Karl,
>
> When you turned on SELinux the AVCs were being logged to
> /var/log/audit/audit.log.  This is where setroubleshoot and other tools
> grab the AVC messages.
>
    Those that I presented are from /var/log/messages.

> When you go from disabled to enabled, the entire system needs to be
> relabeled.  This can take a long time to happen since the entire file
> system is walked.   After relabeling your system should work properly.
>   
    Yesterday I changed SELinux from off to full enforce. It booted up 
fine this morning and I really can't tell it is on. But it did take 30 
minutes to label all the directories.

> I would make sure that you have updated to the latest policy for Fedora
> 7, and if you are running something like NIS you might need to turn on
> certain selinux booleans.
>   
    I have every update for F7 on this machine now. I have no idea what 
NIS is.

> setsebool -P allow_ypbind 1
>
> Which will allow your system to use NIS.
>
> The  bugs/avc's you reported earlier do not look like SELinux was going
> nuts.
>
>   
    SELinux was not nuts. It was sending endless messages to dbox which 
was malfunctioning. There is a bug in dbox.

> It is also feasible that you are running a file system reiser?  that
> SELinux does not support.  Or there is some problem that adding of file
> context to your machine triggered.
>
>   
    Nope all my file systems are EXT3.

> I have not heard of SELinux in permissive mode causing the types of
> problems that you say occurred on your machine.
>
>   
    I think I got a SELinux update the day before the problem. This 
caused SELinux to send out new data and the bug hit. Every time I get a 
SELinux update I will relabel the files.



> Dan
>
>
>   


-- 

	Karl F. Larsen, AKA K5DI
	Linux User
	#450462   http://counter.li.org.
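
An added example, not part of the original message or of any Fedora tool: the thread mentions AVC messages appearing both in /var/log/audit/audit.log and in /var/log/messages, and this sketch parses the record in either place and counts denials by source type, target type, class and permission, which shows whether a flood is one denial repeated. The sample lines, type names and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines (not from the thread). The first is the auditd
# format written to /var/log/audit/audit.log; the others are the same kernel
# record as it appears in /var/log/messages when auditd is not running.
SAMPLE = """\
type=AVC msg=audit(1192460400.101:12): avc:  denied  { read } for  pid=2101 comm="exampled" name="data" dev=sda1 ino=4711 scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file
Oct 15 08:00:01 host kernel: audit(1192460401.202:13): avc:  denied  { read } for  pid=2101 comm="exampled" name="data" dev=sda1 ino=4711 scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file
Oct 15 08:00:02 host kernel: audit(1192460402.303:14): avc:  denied  { read write } for  pid=2200 comm="otherd" name="sock" dev=sda1 ino=99 scontext=system_u:system_r:other_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
Oct 15 08:00:03 host kernel: eth0: link up
"""

AVC_RE = re.compile(
    r"audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): avc:\s+(?P<verdict>denied|granted)"
    r"\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$"
)
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for an AVC record in either log format, else None."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    rec["verdict"] = m.group("verdict")
    rec["perms"] = tuple(m.group("perms").split())
    rec["source"] = "audit.log" if line.startswith("type=AVC") else "messages"
    return rec

def ctx_type(context):
    """Type field of a user:role:type[:level] security context."""
    return context.split(":")[2]

def summarize(text):
    """Count denials per (source type, target type, class, permissions)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec and rec["verdict"] == "denied":
            key = (ctx_type(rec["scontext"]), ctx_type(rec["tcontext"]),
                   rec["tclass"], rec["perms"])
            counts[key] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key)
```

A target type of `file_t` in the summary is what unlabeled files carry, which is the condition a full relabel corrects.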



