Fwd: Re: SELinux FAQ

Karsten 'quaid' Wade kwade at redhat.com
Wed Nov 9 21:32:44 UTC 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Trying again ... first got bounced for some reason.

- -------- Original Message --------
Subject: Re: SELinux FAQ
Date: Tue, 08 Nov 2011 11:10:12 -0800
From: Karsten 'quaid' Wade <kwade at redhat.com>
Organization: Red Hat
To: Steve Kelem <steve at kelem.net>
CC: docs at fedoraproject.org

Hi Steve:

Looks like a lot of good points below. I'm not aware of the status of
the SELinux FAQ; I did think most of that info was moved in to
release-specific documentation. (I haven't been a maintainer of that
FAQ in a long time.)

I'm Cc:ing this to the Fedora Docs team, who manage the depth and
breadth of Fedora technical content - definitely the folks to ask.

http://lists.fedoraproject.org/mailman/listinfo/docs

- - Karsten

On 11/08/2011 07:29 AM, Steve Kelem wrote:
> Hi. I've been reading the Fedora 13 SELinux FAQ.
> 
> 1. I found the SELinux FAQ under Fedora 13 at 
> http://docs.fedoraproject.org/en-US/Fedora/13/html/SELinux_FAQ/index.html#id4228000.
>
>
I
> 
was surprised that this document is tied to Fedora 13. With Fedora 15
> about to be replaced by Fedora 16, it seems strange to tie SELinux 
> to a specific revision of Fedora. 2. Under "What are file 
> contexts?" it says: "Fedora ships with the |fixfiles| script,
> which supports four options: |check|, |relabel|, |relabel| and
> |verify|." One of these "relabel" options should be "restore". 3.
> Under "How do I make a user public_html directory work under
> SELinux?", item #2 says:
> 
> *|ls -Z -d public_html/|* |drwxrwxr-x auser auser 
> user_u:object_r:user_home_t public_html| *|chcon -R -t 
> httpd_user_content_t public_html/ ls -Z -d public_html
> 
> This should be:|* *|ls -Z -d public_html/|* |drwxrwxr-x auser
> auser user_u:object_r:user_home_t public_html| *|chcon -R -t 
> httpd_user_content_t public_html/ ls -Z -d public_html/
> 
> Better yet, you should distinguish what's type v.s. what's
> returned by the system:|*
> 
> *|% ls -Z -d public_html/|* |drwxrwxr-x auser auser 
> user_u:object_r:user_home_t public_html| **|%|***|chcon -R -t 
> httpd_user_content_t public_html/ |***|%|***|ls -Z -d 
> public_html/|**||*
> 
> 4. In item 3, it says that there is a "SELinux tab" in 
> system-config-selinux. My version is (c) 2006 (in Fedora 15!) and 
> does not have a SELinux tab. It has tabs: Status, Boolean, File 
> Labeling, User Mapping, SELinux User, Network Port, Policy Module, 
> and Process Domain. The command described is under the "Boolean" 
> tab, search for "home directories", and you'll find it.
> 


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iD8DBQFOuvF82ZIOBq0ODEERAvIFAJ9qBaNKCnmPlPnoPmoK7J/x+0j9vgCbBE+o
3FWar8/2+SphFKdP+NSTd2A=
=Lao6
-----END PGP SIGNATURE-----


More information about the docs mailing list