do I need SELinux?

[Jim Cornette]

Daniel J Walsh wrote:
> Jim Cornette wrote:
> 
>> Steven Stern wrote:
>>
>>> On Sat, 20 Nov 2004 01:49:39 -0500, Jim Cornette 
>>> <fc-cornette at insight.rr.com>
>>> wrote:
>>>
>>>
>>>> fixfiles relabel comes back with a command not found. I am using 
>>>> up2date to get the strict policy and to see if any deps are pulled 
>>>> in which include fixfiles
>>>
>>>
>>>
>>>
>>> I  have the same issue on the upgraded machine. OTOH, I installed FC3 
>>> on a
>>> brand new Compaq yesterday. SELinux seems to be working and happy.
>>>
>>
>> I never had SELinux installed on this computer before. I remember 
>> downloading a host of programs and dropping to a shell, then 
>> performing the fixfiles relabel, which did restore my computer to a 
>> usable SELinux state.
>>
>> What surprised me is that neither installing selinux-policy-targeted 
>> or selinux-policy-strict pulled in any needed dep for selinux to 
>> include the fixfiles utility. The below listed are all that ended up 
>> being installed. I'll have to search the SELinux list archivs for the 
>> list of programs that contain fixfiles.
>>
>> selinux-policy-targeted-1.17.31-1
>> libselinux-1.19.1-3
>> selinux-policy-strict-1.17.30-2
>>
>> Running in permissive because of the missing fixfiles and no logs or 
>> httpd specific corrections.
>>
>> Jim
> 
> 
> 
> Fixfiles is part of policycoreutils which is required by policy source 
> packages  but not the regular policy package in FC3.
> I will add policycoreutils as a required part of the policy rpms, this 
> will force it to be pulled in, since not having the tools to
> relabel makes the policy file pretty useless.
> 
> Dan
> 

Thanks! This should make things work better.
Now, I have no avc errors with targeted after the relabeling process 
that was automated through selections in system-config-securitylevel. 
I'm back to having logs and running in enforcing mode vs permissive mode.

Jim

-- 
I allow the world to live as it chooses, and I allow myself to live as I
choose.