... fedora-selinux

Jim Cornette jim-cornette at insight.rr.com
Thu Mar 11 01:37:47 UTC 2004


Tom Needs a Hat Mitchell wrote:

>On Tue, Mar 09, 2004 at 08:47:26PM -0500, Jim Cornette wrote:
>....
>
>  
>
>>>Just as many cities have code requirements for walls and external doors
>>>this can be a good thing.
>>>
>>>
>>>      
>>>
>>I can see this with users wanting no passwords and wanting to run as 
>>root user. If some practical security was not mandated, Linux would have 
>>ended up pretty dangerous with malware attacks. I'll probably try out 
>>SELinux shortly. I was sitting back and reading the list before I 
>>actually tried to set it up.
>>    
>>
>
>In this building code case, I was thinking about security and fire
>safety.
>
>Many city fire/ building codes require thicker drywall for the garage
>and the kitchen.  Drywall is a good insulator and will slow the
>progress of a fire.  The garage and the kitchen both have fuel and
>potential sources of ignition.
>
>External doors will be thicker and have a solid core.  Internal closet
>doors will have a hollow core and be lighter and thiner.  Some cities
>require steel cased insulated doors between the home and the garage.
>That SUV with 40 gallons of gas parked next to a natural gas water
>heater is interesting.  Then there is the fuel can for the lawn mower,
>old paint, lawn and pool chemicals...
>
>As you walk through an apartment building, your home, your office
>etc. pay attention to the different types doors and door locks.  Think
>about how the concept of doors and door locks applies to your
>computer.  Check the price differences in a home improvement center.
>
>
>  
>
I set up the SELinux on one system and noticed that I posted earlier 
when I had a Fedora Core 1 system that had SELinux on it.

What happened on the Fedora Core 1 system with SELinux installed on it, 
I was not able to log into either the root or into the regular user 
accounts.
After installing SELinux on the new computer. I was able to log into 
root, but not into the regular user account.
After setting up the SELinux system with the needed programs and running 
the initial setup with "make" and "make relabel" while in runlevel 1 and 
within the proper directory, I logged into root and there was a default 
policy for root that prompted me if I wanted to change it. I kept the 
policy and logged into root without trouble.

When I logged into the regular user account, I had error messages on the 
terminal, but was able to log in and run GNOME. When logging out though, 
I ended up getting an error dialog box saying that some user was not found.

The whole SELinux deal sounds pretty boring to test out. I can see with 
your example regarding external barriers needing to be stronger than 
local policies to prevent "external fire hazards" from invading the less 
voltile and safer environment.

I haven't posted to the SELinux list yet. It seems that a lot of people 
are more interested in the fun things and are not on the list yet.

Done here, with SELinux,

Jim

-- 
You have an ability to sense and know higher truth.






More information about the users mailing list