[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: How best get rid of SELinux?



On Sunday 23 September 2007, Arthur Pemberton wrote:
>On 9/23/07, Tim <ignored_mailbox yahoo com au> wrote:
>> On Sat, 2007-09-22 at 18:00 +0000, Beartooth wrote:
>> > And thereby hangs an old sad tale. I looked at that -- and found
>> > it utterly incomprehensible.
>>
>> I think the naming of the contexts, themselves, were a really bad
>> incomprehensible thing.
>>
>> Looking in my home space, things have: user_u:object_r:user_home_t
>>
>> What's a user_u, or object_r, or user_home_t?
>>
>> Or a PNG file in my webserver directory:
>> user_u:object_r:httpd_sys_content_t
>>
>> They're not at all intuitive.  What's a "u," "r," or "t"?  I've no
>> choice but to read a manual to work that out, I couldn't even guess at
>> it.  But a quick look through a few of the SELinux manuals doesn't
>> explain what any of it means.
>
>It takes less that a minute to find out 'man chcon'' :
>http://linux.die.net/man/1/chcon

True, but how long does it take to find out that the man page you should be 
reading is a name from some dialect of swahili called chcon?

>u -> user
>r -> role
>t -> type
>
>Manual modification of the security contexts aren't really expected of
>most people.

BS. If we, the installers, don't know what a file does, maybe.  But if we 
install something to do a job, such as heyu, then we are generally smart 
enough to adjust the perms so it can work as intended.  We just need to know 
how and what to do rather than playing the 10,000 monkeys writing Hamlet 
game, only to find we got the Barber of Seville.  Aka now its really fscked 
up.

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
One planet is all you get.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]