Latest updates broke my system

Thu Dec 13 06:14:08 UTC 2007

Antonio M wrote:
> i set selinux= 0 at boot time and the system is up and running (even
> if I have other problems )
> For sure I will not run selinux=enforcing for a long time.
> Testing is testing, but I do not want to enforce my testing on
> unneeded issues, i.e. at the moment selinux policy and updates are
> causing more disadvantages and troubles than advantages.
> 
> And this way of development risks that many testers may abandon
> selinux....so development will get slower. My two cents

Your problem is almost guaranteed to be going back and forth from selinux and
not... the filesystem labels DO get messed up when you're doing this from fully
disabled to enforcing.  When you get it established and operational, and don't
circumvent it manually, you shouldn't have these type of issues prevent your
whole system from being usable.  Turning it on (for future reference) to enabled
immediately after its been completely disabled awhile is a really bad idea, but
rather going to permissive and then fixing labels first before enforcing is safest.

So its not really how its being developed... but how you're using it; you are
definitely better off either choosing to test with selinux on always or NOT AT
ALL, or expect filesystem label issues to arise.  Its ok for you not to do your
testing with it enabled (some people need to so problems with it off get
addressed to!).

-- 
Andrew Farris <lordmorgul at gmail.com> <ajfarris at gmail.com>
   gpg 0xC99B1DF3 at pgp.mit.edu

No one now has, and no one will ever again get, the big picture. - Daniel Geer
----                                                                       ----