How best get rid of SELinux?

Beartooth Beartooth at
Sun Sep 23 16:17:23 UTC 2007

On Sun, 23 Sep 2007 02:26:47 -0500, Arthur Pemberton wrote:

> On 9/23/07, Tim <ignored_mailbox at> wrote:
>> That PNG is user user, object role, HTTP system content type?  WTF!
>> What the hell is an object role, and how is a PNG file a system
>> anything?
> 1) check man selinux

	God give me strength. 

	Type "man:selinux" into Konqueror (in order to get it into a 
format which is even legible; man anything on a terminal either shatters, 
or has to be in a font so small that not even a magnifying glass helps -- 
typical ...)

	You get a choice of plain "man selinux" or fifteen (count 'em -- 
fifteen) other man pages. None of them contains "httpd," -- in case I 
know a fraction of what Tim does, and can guess I want that. So I go 
ahead and try to actually slog through the plain command's page.

	The first thing I see is a link to the selinux page at NSA. I 
click on it -- hoping to tell at a glance whether to read it first, or 
leave it for if&when. I get no pointer to anything, but the fanciest "not 
found" message in known space.

	Being a hardened sinner, I waste three minutes studying that, and 
notice that the link ends a sentence. Sure enough. clicking is picking up 
the period -- and the NSA page (the ultimate electronic bureaucrat?) 
doesn't think to try ignoring the period.

	So I c&p the link into another tab, delete the period manually, 
and it links. GoddlemityDAM!

	Turns out selinux is a whole nuther branch of computer science. 
(Makes sense, actually : NoSuchAgency if anybody oughtta have such a 
thing. I'm not NSA.)

	So I leave that tab, take a deep breath, and resume trying to 
read the man page for plain selinux.

	It proves amazingly well written for gummint work. (There is a 
typo : for 'context' singular in the section on File Labeling read 
'contexts' plural.) Please pass my extreme praise to Mr. Walsh; afaik, 
only the Copyright Office in all of gdgummint writes as well.

	It also says in so many words : "The best way to relabel the file 
system is to create the flag file /.autorelabel and *reboot*" [My 
emphasis; no wonder that instruction is in the error messages in the 
trouble shooter.]

> 2) get pointed to man httpd_selinux

	Well, you can call it that; the question is which is to be 
master, as Lewis Carroll says so well. What I see (at the very bottom) is 
a completely uncommented list of fifteen links, one of which is 
"httpd_selinux(8)"  (That means they're not the same fifteen that 
Konqueror found, btw: I triple-checked, and it does not offer me anything 
containing "httpd" among its fifteen. Konqueror won't let me c&p its 

	I suppose someone whose focussed attention was on apache would 
indeed jump on that first. Since I don't run any server I can help, nor 
even have a web page, I'll leave it there.

> 3) get information
> httpd_sys_content_t
>        - Set files with httpd_sys_content_t for content which is
> available from all httpd scripts and the daemon

Beartooth Staffwright, PhD, Neo-Redneck Linux Convert
Remember I know precious little of what I am talking about.

More information about the fedora-list mailing list