Advice for installing test2 if you are going to be.... [selinux]

Ric Letson digitalcontrol at myrealbox.com
Mon Apr 5 02:57:07 UTC 2004 

On Sun, 2004-04-04 at 13:20, Brian Bober wrote:
> I'm glad that you can still recover in general. This SELinux stuff is really
> complicated and although I might have time to really dig through all the very
> difficult technical information about it, its going to intimidate many new and
> seasoned Linux users. It'd be nice if fedora/Redhat wrote some really good
> documentation about it made for people that really don't understand the inner
> workings of the operating system that well. Something that starts out simple
> and dumbed down, and then goes into more detail as you work your way through
> the documentation... Designed so that you can stop reading at some point if you
> are just a casual user of Linux and not an IT administrator or developer.
> 
> It'd also probably be good if fedora/Redhat got a configuration tool for
> SELinux out, perhaps as soon as possible so it can be tested.
> 
> I'm thinking that they might want to disable SELinux by default on the non-test
> release until core 3 if this isn't done.
> 
> > 
> > > Three levels of quote.....

A set of utilities is definitely needed for editing SELinux policies. I
find SELinux intimidating even after working with SELinux on Gentoo. At
the same time, I like SELinux better than GRSEC and find it to be more
configurable and I'm sure I haven't begun to scratch the surface of it's
abilities.

There is a beta webmin module out there called SEMPE which is produced
by Hitachi for editing SELinux policies but doesn't work on the 2.6
kernel based SELinux. It's written for the old LSM based SELinux
implementation. Their also working on a webmin module for the current
SELinux policies but it may be a while before that is complete.

Proper documentation on fedora-selinux would be wonderful and I'm sure
it will come about gradually. In the mean time, just in case you didn't
know, there's a FAQ Page that I was pointed to by Karsten Wade at:
http://people.redhat.com/kwade/fedora-docs/selinux-faq-en/

-- 
Ric Letson, NB2E
digitalcontrol at myrealbox.com
============================
GPG Signed for Authenticity



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-test-list/attachments/20040404/33d96613/attachment.sig>

More information about the fedora-test-list mailing list