selinux-faq/en_US selinux-faq.xml,1.4,1.5
Karsten Wade (kwade)
fedora-docs-commits at redhat.com
Thu Mar 30 19:58:18 UTC 2006
Author: kwade
Update of /cvs/docs/selinux-faq/en_US
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23500
Modified Files:
selinux-faq.xml
Log Message:
Fixing passive -> active voice, mainly by searching for 'will' and fixing all instances; this is a habit we all have, in fact some of these may be left over from my previous writing.
Index: selinux-faq.xml
===================================================================
RCS file: /cvs/docs/selinux-faq/en_US/selinux-faq.xml,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- selinux-faq.xml 30 Mar 2006 19:51:56 -0000 1.4
+++ selinux-faq.xml 30 Mar 2006 19:58:15 -0000 1.5
@@ -620,7 +620,7 @@
</para>
<para>
The primary command for dealing with modules is
- <command>semodule</command>, which will let you perform basic
+ <command>semodule</command>, which lets you perform basic
functions such as installing, upgrading, or removing modules.
Modules are usually stored as policy package file (.pp
extension) in
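Review bot: The unchanged sentence right after the edited line still reads "stored as policy package file (.pp extension)", which needs either an article or a plural: "stored as policy package files (.pp extension)". Since this commit is a wording pass over the same paragraph, it is worth fixing here.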
@@ -719,8 +719,8 @@
SELINUX=permissive</userinput>
</screen>
<para>
- This step ensures you will not be locked out after rebooting.
- &SEL; will run under the correct policy, but will allow you to
+ This step ensures are not locked out after rebooting.
+ &SEL; runs under the correct policy, but does allow you to
login if there is a problem such as incorrect file context
labeling.
</para>
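Review bot: The new first sentence lost its subject: "This step ensures are not locked out after rebooting." should read "This step ensures you are not locked out after rebooting." In the next line, "does allow you to login" is more emphatic than the original; "but allows you to log in" keeps the meaning and uses the verb form "log in".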
@@ -793,9 +793,9 @@
If you use an absolute path, such as
<filename>/var/log/maillog</filename>, when you unpack the
archive with <command>star -c
- -f</command>, the files will be restored on the same path they
- were archived with. The <filename>maillog</filename> file will
- attempt to write to <filename>/var/log/maillog</filename>. You
+ -f</command>, the files are restored on the same path they
+ were archived with. The <filename>maillog</filename> file
+ attempts to write to <filename>/var/log/maillog</filename>. You
should received a warning from <command>star</command> if the
files about to be overwritten have a later date, but you cannot
rely on this behavior.
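Review bot: "The maillog file attempts to write to /var/log/maillog" makes the file the actor; it is star that writes, so "star attempts to write the maillog file to /var/log/maillog" would be accurate. Two leftovers in the context lines of the same paragraph: "You should received a warning" should be "You should receive a warning", and the sentence describes unpacking with "star -c -f" although -c is star's create mode, so the command shown for extraction deserves a check. That matters here because the paragraph is warning readers about overwriting live files.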
@@ -887,7 +887,7 @@
<step>
<para>
At this point, <command>httpd</command> is configured to serve
- the contents, but you will still receive a <computeroutput>403
+ the contents, but you still receive a <computeroutput>403
forbidden</computeroutput> error. This is because
<command>httpd</command> is not allowed to read the security
type for the directory and files as they are created in the
@@ -949,8 +949,8 @@
<title>Be careful when disabling &SEL;</title>
<para>
If you boot with <option>selinux=0</option>, any files you
- create while &SEL; is disabled will not have &SEL; context
- information. The file system will be marked for relabeling at
+ create while &SEL; is disabled do not have &SEL; context
+ information. The file system is marked for relabeling at
the next boot. If an unforeseen problem prevents you from
rebooting normally, you may need to boot in single-user mode for
recovery. Add the option <option>emergency</option> to your
@@ -1065,7 +1065,7 @@
<answer>
<para>
Run <command>auditctl -e 0</command>. Note that this command
- will not affect auditing of SELinux AVC denials.
+ does not affect auditing of SELinux AVC denials.
</para>
</answer>
</qandaentry>
@@ -1140,7 +1140,7 @@
<command>audit2allow -M local < /tmp/avcs</command>
</screen>
<para>
- This will create a <filename>local.pp</filename> which you can
+ This creates a <filename>local.pp</filename> which you can
then load into the kernel using
<command>semodule -i local.pp</command>.
You can also edit the <filename>local.te</filename> to make
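Review bot: The context line "audit2allow -M local < /tmp/avcs" inside the command element contains a raw "<", which is not well-formed XML and will break the DocBook build; it should be written as "&lt;". Separately, "a local.pp which you can then load" reads better as "a local.pp file, which you can then load".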
@@ -1165,8 +1165,8 @@
If you were using the audit daemon, then you should use
<filename>/var/log/audit/audit.log</filename> instead of
<filename>/var/log/messages</filename> as your log file.
- This will generate a <filename>local.te</filename> file, that
- looks something like the following:
+ This generates a <filename>local.te</filename> file, that
+ looks similar to the following:
</para>
<screen>
<computeroutput>module local 1.0;
@@ -1214,21 +1214,19 @@
<qandaentry>
<question>
<para>
- I created a new Policy Package where do I put it to make sure that
+ I created a new Policy Package, where do I put it to make sure that
it gets loaded into the kernel?
</para>
</question>
<answer>
<para>
- All you need to do execute the
- <command>semodule -i myapp.pp</command>
- command. This modifies the policy that is stored on the machine.
- Every time for now on your policy module will get loaded with the
- rest of the policy. You can even remove the pp file from the
- system.
+ You need to execute the command <command>semodule -i
+ myapp.pp</command>. This modifies the policy that is stored on the
+ machine. Your policy module now is loaded with the rest of the
+ policy. You can even remove the pp file from the system.
</para>
<para>
- <command>semodule -l</command> will list the currently loaded
+ <command>semodule -l</command> lists the currently loaded
modules.
</para>
<screen>
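Review bot: The rewritten answer drops a point the old text made: "Every time for now on your policy module will get loaded with the rest of the policy" told the reader the module persists across policy reloads and reboots, while "Your policy module now is loaded" only describes the current state. Suggest "From now on, your policy module is loaded with the rest of the policy." In the question, the added comma creates a comma splice; "I created a new Policy Package. Where do I put it ..." avoids that.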
@@ -1345,7 +1343,7 @@
<question>
<para>
After relabeling my <filename>/home</filename> using
- <command>setfiles</command> or <command>fixfiles</command>, will I
+ <command>setfiles</command> or <command>fixfiles</command>, am I
still be able to read <filename>/home</filename> with a
non-&SEL;-enabled system?
</para>
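Review bot: Replacing "will I" with "am I" leaves "am I still be able to read /home", which is ungrammatical because the following context line still starts with "still be able". Either extend the edit to that line ("am I still able to read") or use "can I still read /home".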
@@ -1354,7 +1352,7 @@
<para>
You can read the files from a non-&SEL; distribution, or one with
&SEL; disabled. However, files created by a system not using &SEL;
- systems will not have a security context, nor will any files you
+ systems do not have a security context, nor do any files you
remove and recreate. This could be a challenge with files such as
<filename>~/.bashrc</filename>. You may have to relabel
<filename>/home</filename> when you reboot the &SEL; enabled &FC;
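Review bot: The edited sentence now reads "files created by a system not using &SEL; systems do not have a security context", with a stray second "systems" carried over from the old text. Suggest "files created by a system not using &SEL; do not have a security context, nor do any files you remove and recreate."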
@@ -1376,7 +1374,7 @@
</para>
<para>
When you mount a non-&SEL; file system via NFS, by default &SEL;
- will treat all the files in the share as having a context of
+ treats all the files in the share as having a context of
<computeroutput>nfs_t</computeroutput>. You can override the
default context by setting it manually, using the
<option>context=</option> option. The following command makes
@@ -1413,7 +1411,7 @@
You can create your new user with the standard
<command>useradd</command> command. First you must become
<systemitem class="username">root</systemitem>. Under the strict
- policy you will need to change role to
+ policy you need to change role to
<computeroutput>sysadm_r</computeroutput> with the following
command:
</para>
@@ -1421,7 +1419,7 @@
<userinput>newrole -r sysadm_r</userinput>
</screen>
<para>
- For the targeted policy you will not need
+ For the targeted policy you do not need
to switch roles, staying in
<computeroutput>unconfined_t</computeroutput>:
</para>
@@ -1436,7 +1434,7 @@
<para>
The initial context for a new user directory has an identity of
<computeroutput>root</computeroutput>. Subsequent relabeling of
- the file system will change the identity to
+ the file system changes the identity to
<computeroutput>system_u</computeroutput>. These are functionally
the same since the role and type are identical
(<computeroutput>object_r:user_home_dir_t</computeroutput>.)
@@ -1542,7 +1540,7 @@
way when a benign denial is filling the audit logs.
</para>
<para>
- To look for your particular denial, you will need to enable
+ To look for your particular denial, enable
auditing of all <computeroutput>dontaudit</computeroutput> rules:
</para>
<screen>
@@ -1553,14 +1551,14 @@
is verbose</title>
<para>
Enabling auditing of all
- <computeroutput>dontaudit</computeroutput> rules will likely
+ <computeroutput>dontaudit</computeroutput> rules likely
produce a large amount of audit information, most of which is
irrelevant to your denial.
</para>
<para>
Use this technique only if you are specifically looking for an
audit message for a denial that seems to occur silently. You
- will likely want to re-enable
+ want to re-enable
<computeroutput>dontaudit</computeroutput> rules as soon as
possible.
</para>
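Review bot: In the second paragraph, cutting "will likely" leaves "You want to re-enable dontaudit rules as soon as possible", which turns a recommendation into a statement about the reader. An imperative is clearer for a warning: "Re-enable dontaudit rules as soon as possible." In the first paragraph, "rules likely produce" would read more naturally as "rules is likely to produce", since the subject is "Enabling auditing".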