Hi!
First, is SELinux supposed to work in Fedora Core 2 or is it in beta(alpha) phase ?
Because I get a failure right 5 minutes after installation.
I did a SELinux enabled install of FC2 ( Workstation type ). In firstboot I created a user.
Then I tried to log in on VC2 as that user and it gave a SELinux access denied error. bash was denied access to /home/me/.bash_profile
Then I issued a "ls -a" command and it could only list the file names, but not the properties, again, access was denied.
So is SELinux there to be used or to be yet developed ? Or was this an accidental bug ? Should I bugzilla it ?
Regards,
David

--
http://noepatents.org/ Innovation, not litigation !
David Balazic mailto:david.balazic@hermes.si
HERMES Softlab http://www.hermes-softlab.com
Zagrebska cesta 104 Phone: +386 2 450 8851
SI-2000 Maribor Slovenija
"Be excellent to each other." - Bill S. Preston, Esq. & "Ted" Theodore Logan

On Wed, 2004-06-09 at 09:42 +0200, David Balazic wrote:
> Hi!
> First, is SELinux supposed to work in Fedora Core 2 or is it in beta(alpha) phase ?
> Because I get a failure right 5 minutes after installation.
> I did a SELinux enabled install of FC2 ( Workstation type ). In firstboot I created a user.
> Then I tried to log in on VC2 as that user and it gave a SELinux access denied error. bash was denied access to /home/me/.bash_profile

Boot to runlevel 1 and run 'fixfiles relabel'. The filesystem is most likely not relabeled using the installed policy. This must be done before SELinux will operate correctly.

> Then I issued a "ls -a" command and it could only list the file names, but not the properties, again, access was denied.
> So is SELinux there to be used or to be yet developed ?

Yes.. but it is not a drop-in security fix without setup or management.. yet. You will need to deal with development issues periodically. The first one would be getting the newest policy packages, which have changed name from the FC2 install. You should install via yum or apt all of the selinux packages from the Development directories on mirrors:

selinux-policy-targeted-1.13.3-2
libselinux-1.13.2-1
libselinux-debuginfo-1.13.2-1
libselinux-devel-1.13.2-1
selinux-doc-1.10-1
selinux-policy-strict-1.13.3-2
selinux-policy-strict-sources-1.13.3-2
selinux-policy-targeted-sources-1.13.3-2

If you want to test out SELinux with minimal fuss you should configure the targeted policy.

> Or was this an accidental bug ? Should I bugzilla it ?

Probably not, first try the above -- failure to label the filesystem at install has been discussed some already so it's probably not new. More useful info here: http://people.redhat.com/kwade/fedora-docs/selinux-faq-en/

> Regards, David

On Wed, 9 Jun 2004 17:42, David Balazic <david.balazic@hermes.si> wrote:
> First, is SELinux supposed to work in Fedora Core 2 or is it in beta(alpha) phase ?

It is supposed to work.

> Because I get a failure right 5 minutes after installation.
> I did a SELinux enabled install of FC2 ( Workstation type ). In firstboot I created a user.

This is a known bug: when firstboot creates a user it doesn't give the correct type to the home directory files. Running setfiles is the correct thing to do. But you don't have to label the entire file system, just the home directory for the new user.

selinux@lists.fedoraproject.org