SElinux

[Matthew Saltzman]

On Mon, 3 Apr 2006, Robert Nichols wrote:

> Craig White wrote:
>> The policy updates from Fedora have been frequent and are automatically
>> installed/applied
>
> True, and they might even be workable on a system that is set up
> with 100% standard file system structure and users whose interaction
> with the OS is limited to clicking on icons.  Add a separate
> filesystem for large downloaded files or have a user that uses the
> (gasp!) command line to do bizarre things like redirect the output
> from ping onto a file in his home directory and SELinux starts
> blocking you at every turn unless you can spend the time to become
> an SELinux guru and figure out what needs to be tweaked in the
> policy or attributes to fix things _this_ time, and try to guess
> how badly that change will break when tomorrow's policy update gets
> installed.

This (blocking redirected pings) seemed bizarre to me, so I brought it up 
on the fedora-selinux list.

Good News: I had the resolution in about 45 minutes.

Bad News (maybe): It's apparently an actual bug.  I will bugzilla later if 
Robert doesn't relent and do it first.

Sort-of Good News: Once it's fixed, that issue will be resolved, 
presumably for good.
-- 
 		Matthew Saltzman

Clemson University Math Sciences
mjs AT clemson DOT edu
http://www.math.clemson.edu/~mjs