Do you use SELinux
jonathan.underwood at gmail.com
Mon Jun 11 20:44:19 UTC 2007
On 11/06/07, Daniel J Walsh <dwalsh at redhat.com> wrote:
> Jonathan Underwood wrote:
> > On 11/06/07, Daniel J Walsh <dwalsh at redhat.com> wrote:
> >> I hope that everyone who is reporting that SELinux broke their machine
> >> is reporting the bugs in bugzilla even if they are turning it off.
> >> Being good community members. It is difficult to improve the product
> >> without getting the bugzillas.
> > I try as much as I can to do this. But there's quite a lot of
> > confusion with F7 - with setroubleshoot, it frequently reports avc
> > denials, and tells you to file a bug report. Recently I did that, and
> > the bug was closed as NOTABUG and a comment to relabel the file. Left
> > me scratching my head, as surely that is a bug with the policy. Or
> > another package on the system - either way, the NOTABUG made me think
> > that the SElinux maintainers didn't want to hear every setroubleshoot
> > report I had, so I stopped reporting them.
> Well I am one of the SELinux maintainer, and I probably told you it was
> not a bug.
[ah, yes, should've looked more carefully at the email adddress :)]
> If the setroubleshoot tells you to relabel a file/directory try it. If
> it works then don't report a bug unless it returns.
> Several bugs are caused by doing upgrades and this might leave the file
> system mislabeled. Other cases we might not know
> what caused the file to be mislabeled, whether it was Human interaction
> or an application. So if you do not have information about how it
> became mislabeled we can not necessarily figure out what happened.
Oh, rigth ok. In the case I am thinking of, it was a fresh install of
F7. I should've pointed that out.
More information about the users