Advice for installing test2 if you are going to be saving files

[Brian Bober]

I'm glad that you can still recover in general. This SELinux stuff is really
complicated and although I might have time to really dig through all the very
difficult technical information about it, its going to intimidate many new and
seasoned Linux users. It'd be nice if fedora/Redhat wrote some really good
documentation about it made for people that really don't understand the inner
workings of the operating system that well. Something that starts out simple
and dumbed down, and then goes into more detail as you work your way through
the documentation... Designed so that you can stop reading at some point if you
are just a casual user of Linux and not an IT administrator or developer.

It'd also probably be good if fedora/Redhat got a configuration tool for
SELinux out, perhaps as soon as possible so it can be tested.

I'm thinking that they might want to disable SELinux by default on the non-test
release until core 3 if this isn't done.

--- Russell Coker <russell at coker.com.au> wrote:

> >
> > This won't mean that if you are trying to recover a disk that won't boot,
> > or something, that you might not have access to your stuff if you can't
> 
> If you are recovering a damaged installation then you will do so as 
> sysadm_r:sysadm_t, and therefore you can access all files.
> 
> One thing to note about recovery is that there may be files with bad labels. 
> 
> For example if a machine has a file in a user home dir with type 
> chkpwd_exec_t or the type of some other file that will trigger a transition 
> to a domain that has access to /etc/shadow then it's a problem.  Like having 
> a SETUID root binary.  Of course if you mount it in single-user mode it won't
> 
> necessarily be an issue, and you can use the context= mount option.
>