[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: How best get rid of SELinux?



on 9/23/2007 4:28 PM, Beartooth wrote:
> On Sun, 23 Sep 2007 14:56:17 -0400, David Boles wrote:
> 
>> I can understand your problems. And everyone told you correctly that
>> disabled really does mean that. Several mentioned something about
>> 'disabled' that I have not seen you address. SELinux in not like a lamp.
>> On (enabled/enforcing) and Permissive (enabled/reports only) keep the
>> SELinux 'system' active and 'up to date' with the permissions. Disables
>> (off) does not. So turning it off for a time and then turning it back on
>> will most likely cause problems, from what I understand.
> 
> 	Hmmm ... So if I disable it, I better leave it disabled till the 
> next release of Fedora? 


That I can *not* answer. I do not that a relabel would probably be
necessary for anything resembling sanity.  :-)



>> Everyone here seems to be in a the panic mode. If left alone, as I have
>> done, SELinux just runs merrily along. 
> 
> 	That's where your experience differs from mine. Maybe I shouldn't 
> have installed the troubleshooter??


There are several tools coming in Fedora 8 that will make this a snap.
Many, not all, but many I IMO have made their troubles and then only made
them worse. I *really* know very little about SELinux tech stuff. And
other than following the troubleshooter suggestions, have never done
anything to/with it. I do *not* write those fancy rules or any of that.


>> I do not have any third party
>> packages installed. I don't try to watch videos that require Windows
>> codecs. No fancy rotating cube desktops. No Windows games run in Linux.
>> No third party compiled video drivers. Nothing special.
> 
> 	Third party packages here are Pine and Opera -- unless you also 
> count things yum can get from livna; then there might be others. But 
> certainly none of the rest of that stuff.

I don't see, from here, anything that should cause you the problems that
you describe. The paranoia about SELinux can get really strong.  ;-)

As I understand it, Alan Cox could explain this better I am sure, SELinux
is there to try to stop poorly written 'good' programs from doing 'things'
that they should not do. Security. It is there to stop 'bad' programs from
doing the same thing(s). Security.

SELinux is *not* there so that you can't watch movies, or play music, or
games, or things like that. The reason, again as *I* understand this, is
that some of those applications are poorly written and violate that principal.


>> Linux is about choice. You don't want to use it? Turn it off by all
>> means.
>>
>> BTW - You mentioned having problems with man pages. The site where this
>> script came from is down for some reason but I have, from there, a
>> script that will make a text file of man pages. Load in your favorite
>> editor. Search. Scroll back and forth. Do your thing. --
> 
> 	Confession time : I follow this list, insofar as I can, only by 
> using Gmane. 90% of it is way over my head (or concerned with things like 
> games that are irrelevant to me), and if it weren't for Pan and Gmane, I 
> wouldn't have a prayer of coping.


I follow some of the development lists myself. Oephan child left out in
the cold there sir.  ;-)

No *not* sell yourself short. All it takes is some time, some experience,
and some good people, those people do exist, like many on this list.

First do not fall for the FUD. This is a help list. Users come here for
help so you will only see problems. Wireless comes to mind as an example.
There are problems with that for some people with some chips so I would
*expect* to see many posts about that. They have a problem and need help.
I doubt that user that have *no* problems would jion the list and post
that 'all is great'. Think about it.


> 	But Gmane, unfortunately, eliminates attachments. Or maybe the 
> list itself does. I see neither any script nor any URL here. If you don't 
> mind sending it again direct, the address above, at swva.net, is valid. 
> TIA!


Hmm...  I have sent this to several others, off list. I did *not* send it
to the list. Some users would not be interested. Some have limits.

I will send you a tar.bz2 privately with four scripts along with a test
file that describes them. The same tar.bz2 that I have sent to others.

Let me know if you have questions.

Good luck.
-- 

  David

Attachment: signature.asc
Description: OpenPGP digital signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]