Do you use SELinux

Jonathan Underwood jonathan.underwood at gmail.com
Mon Jun 11 20:44:19 UTC 2007


On 11/06/07, Daniel J Walsh <dwalsh at redhat.com> wrote:
> Jonathan Underwood wrote:
> > On 11/06/07, Daniel J Walsh <dwalsh at redhat.com> wrote:
> >> I hope that everyone who is reporting that SELinux broke their machine
> >> is reporting the bugs in bugzilla even if they are turning it off.
> >> Being good community members.  It is difficult to improve the product
> >> without getting the bugzillas.
> >
> > I try as much as I can to do this. But there's quite a lot of
> > confusion with F7 - with setroubleshoot, it frequently reports avc
> > denials, and tells you to file a bug report. Recently I did that, and
> > the bug was closed as NOTABUG and a comment to relabel the file. Left
> > me scratching my head, as surely that is a bug with the policy. Or
> > another package on the system - either way, the NOTABUG made me think
> > that the SElinux maintainers didn't want to hear every setroubleshoot
> > report I had, so I stopped reporting them.
> >
> Well I am one of the SELinux maintainer, and I probably told you it was
> not a bug.
>
[ah, yes, should've looked more carefully at the email adddress :)]

> If the setroubleshoot tells you to relabel a file/directory try it.  If
> it works then don't report a bug unless it returns.
>
> Several bugs are caused by doing upgrades and this might leave the file
> system mislabeled.  Other cases we might not know
> what caused the file to be mislabeled, whether it was Human interaction
> or an application.  So if you do not have information about how it
> became mislabeled we can not necessarily figure out what happened.
>
>

Oh, rigth ok. In the case I am thinking of, it was a fresh install of
F7. I should've pointed that out.

Thanks,
Jonathan




More information about the users mailing list