
Re: How best get rid of SELinux?



On Sun, 2007-09-23 at 01:11 -0500, Arthur Pemberton wrote:
> It takes less than a minute to find out 'man chcon':
> http://linux.die.net/man/1/chcon

chcon wasn't referred to in the list of see also man files at the bottom
of the selinux man file.  More hunting would have been required to know
about that command.  It's just another part of the obscureness of it.
At the very least, I'd expect man selinux to get me started with the
things I needed to know.

> u -> user
> r -> role
> t -> type
> 
> Manual modification of the security contexts isn't really expected of
> most people.

You need to know how to understand what's there when you're trying to
work out why you can't serve something, etc.  And they're still not
particularly coherent with the example I gave.

>>> Or a PNG file in my webserver directory:
>>> user_u:object_r:httpd_sys_content_t

That PNG is user user, object role, HTTP system content type?  WTF!
What the hell is an object role, and how is a PNG file a system
anything?

-- 
[tim bigblack ~]$ uname -ipr
2.6.22.5-76.fc7 i686 i386

Using FC 4, 5, 6 & 7, plus CentOS 5.  Today, it's FC7.

Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.



