SELinux Understanding
Karl Larsen
k5di at zianet.com
Mon Oct 15 15:02:47 UTC 2007
Daniel J Walsh wrote:
> Karl Larsen wrote:
>
>> Thomas Cameron wrote:
>>
>>> On Sat, 2007-10-13 at 05:38 -0600, Karl Larsen wrote:
>>>
>>>>> That's called coincidence, not proof.
>>>>>
>>>> I think you're trying to protect SELinux. I don't know why.
>>>>
>>> No, it's pointing out the obvious. The issue you had was NOT - repeat
>>> NOT - an issue with SELinux.
>>>
>>> A lot of people a lot smarter than you have said so, you bring NO proof
>>> to the list, just supposition based on coincidence.
>>>
>>> I've tried to be polite to you out of respect to my elders, but you are
>>> just full of shit and won't listen to folks who know a bunch more than
>>> you do.
>>>
>>> Get this through your head: Your issues are NOT due to SELinux. I
>>> don't know what you did, but you are the kind of user that sysadmins
>>> HATE because you go in and jack up your system and then blame the system
>>> or the admin.
>>>
>>> Listen to those who know more than you do, OK?
>>>
>>> Thomas
>>>
>> Listen you fat head jerk! You brought nothing but your gut feeling
>> that SELinux can't be the cause period.
>>
>> Well, you're almost right. But you have no idea why. You do not know why
>> you're right. Or what that means. I will not turn SELinux back on until a
>> Bug is fixed in F7 8-)
>>
> Karl,
>
> When you turned on SELinux the AVCs were being logged to
> /var/log/audit/audit.log. This is where setroubleshoot and other tools
> grab the AVC messages.
>
Those that I presented are from /var/log/messages.
> When you go from disable to enabled, the entire system needs to be
> relabeled. This can take a long time to happen since the entire file
> system is walked. After relabeling your system should work properly.
>
Yesterday I changed SELinux from off to full enforce. It booted up
fine this morning and I really can't tell it is on. But it did take 30
minutes to label all the directories.
> I would make sure that you have updated to the latest policy for Fedora
> 7, and if you are running something like NIS you might need to turn on
> certain SELinux booleans.
>
I have every update for F7 on this machine now. I have no idea what
NIS is.
> setsebool -P allow_ypbind 1
>
> Which will allow your system to use NIS.
>
> The bugs/AVCs you reported earlier do not look like SELinux was going
> nuts.
>
SELinux was not nuts. It was sending endless messages to dbox which
was malfunctioning. There is a bug in dbox.
> It is also feasible that you are running a file system (reiser?) that
> SELinux does not support. Or there is some problem that adding of file
> context to your machine triggered.
>
Nope all my file systems are EXT3.
> I have not heard of SELinux in permissive mode causing the types of
> problems that you say occurred on your machine.
>
I think I got a SELinux update the day before the problem. This
caused SELinux to send out new data and the bug hit. Every time I get a
SELinux update I will relabel the files.
> Dan
>
--
Karl F. Larsen, AKA K5DI
Linux User
#450462 http://counter.li.org.
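
The two log locations named in this exchange carry the same AVC record body: /var/log/audit/audit.log when auditd is running, and /var/log/messages (through the kernel log) when it is not. The following is an added example, not part of either poster's message: a Python parser that reads denials from either file and tallies them by source type, target type, class and permission. The sample lines, host name and type names are constructed.

```python
import re
from collections import Counter

# The AVC body is identical in both files; only the line prefix differs.
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for one AVC denial line, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    if not {'scontext', 'tcontext', 'tclass'} <= fields.keys():
        return None  # truncated record, nothing useful to tally
    return {
        # audit.log records start with type=AVC; syslog ones with a date stamp
        'source': 'audit.log' if line.startswith('type=AVC') else 'syslog',
        'perms': m.group('perms').split(),
        'comm': fields.get('comm', '?'),
        'stype': fields['scontext'].split(':')[2],  # user:role:type[:level]
        'ttype': fields['tcontext'].split(':')[2],
        'tclass': fields['tclass'],
    }

def summarize(lines):
    """Count denials per (source type, target type, class, permission)."""
    counts = Counter()
    for line in lines:
        rec = parse_avc(line)
        if rec:
            for perm in rec['perms']:
                counts[(rec['stype'], rec['ttype'], rec['tclass'], perm)] += 1
    return counts

# Constructed sample input: two audit.log records, one syslog record, one unrelated line.
SAMPLE = [
    'type=AVC msg=audit(1192460567.123:42): avc:  denied  { read } for  pid=2345 comm="ypbind" name="hosts" dev=sda1 ino=1234 scontext=system_u:system_r:ypbind_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file',
    'Oct 15 08:02:48 host kernel: audit(1192460568.456:43): avc:  denied  { read getattr } for  pid=2345 comm="ypbind" name="hosts" dev=sda1 ino=1234 scontext=system_u:system_r:ypbind_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file',
    'Oct 15 08:02:49 host dbus: constructed non-AVC line',
    'type=AVC msg=audit(1192460570.789:44): avc:  denied  { name_bind } for  pid=2345 comm="ypbind" src=834 scontext=system_u:system_r:ypbind_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=udp_socket',
]

if __name__ == '__main__':
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key)
```

A tally dominated by one source type after a policy update or a switch from disabled to enforcing points at a missing boolean or an incomplete relabel rather than at scattered unrelated failures.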