selinux breaks fish/sftp in konqueror?

Daniel J Walsh dwalsh at redhat.com
Wed Apr 7 13:38:26 UTC 2004 

Harald Hoyer wrote:

> try booting with "selinux=0 enforcing=0" ... this should completly 
> disable selinux
>
> Kepa wrote:
>
>> Hi,
>>
>> After I set grub boot for selinux=0, I found myself unable to use fish
>> and sftp from within konqueror (but sftp would work from within a
>> terminal).  Even connections to localhost would not work, no error
>> messages given, just hung interminably.
>>
>> After re-labelling the system and setting selinux=1 I can once again use
>> fish/sftp.
>>
>> Now, is there some way I can totally get rid of selinux? Just, gone, no
>> trace, and I hope to never see it again, without re-installing
>> everything?
>>
>> I'm trying to use fc test2 as a desktop, not a server.  I realize it is
>> unstable, but I would like to focus on unstable desktop issues, not
>> server-side.  Also, it is hard to be sure if it selinux misbehaving or
>> something else.
>>
>> I must of missed the option not to include it in the install program,
>> but I don't remember anything.
>>
>> Not so sure why the inclusion of selinux, anyway.  If FC is supposed to
>> be THE linux desktop, then what need is there for excessive security
>> that will confuse newbies?  And as I understand it, since FC is now the
>> beta-test platform for redhat, who would use it as a server OS, 
>> anyway? I will stick to RH 9 or bsd for serving, but I want to see FC 
>> the best
>> linux desktop out there.
>>
>> Thanks,
>>
>> Kepa
>>
>>
>>
>>

SELinux=0 should disable SElinux.

You can verify SELinux is disables by executing a command that looks for 
the security context

ls -Z

or by executing

getenforce

If things are not working with selinux=0 in the grub entry.  They you 
have a non-selinux related problem.
Enforcing=0 turns off enforcing mode of SELinux, but continues to log to 
syslog.  It actually will give you
more eroneous errors than Enforcing=1, because in enforcing mode a 
script might be blocked at the directory
level with a no audit and not try to read the files.  In non enforcing 
mode it will be allowed to read the directory and
every file it reads will generate a denial message.

Dan

>
>

More information about the fedora-test-list mailing list