SELinux Understanding
Karl Larsen
k5di at zianet.com
Fri Oct 12 21:50:20 UTC 2007
Tim wrote:
> On Fri, 2007-10-12 at 14:38 -0600, Karl Larsen wrote:
>
>> FILE LABELING
>> All files, directories, devices ... have a security context/label
>> associated with them. These context are stored in the extended
>> attributes of the file system. Problems with SELinux often arise from
>> the file system being mislabeled. This can be caused by booting the
>> machine with a non selinux kernel. If you see an error message containing
>> file_t, that is usually a good indicator that you have a serious
>> problem with file system labeling.
>>
>> Now I have used some of these ideas today. The list suggested and I did.
>> But this stuff is not the kind of thing a person not using Linux in
>> business wants to know about.
>>
>
> Well, how many business users, that aren't computer savvy enthusiasts do
> you expect to be dual-booting with different kernels? You'll probably
> find that not-only do many business users not do anything near the
> complexity of that, many don't even bother with installing any updates.
>
> Normally, you can expect SELinux to be something that just happens in
> the background, along with a thousand other things that you don't know
> about your computer. Also, there's a plethora of *other* things that
> can go wrong that can be just as flumuxing to the user.
>
>
>> So why would a desktop user ever want to run SELinux :-)
>>
>
> For added security. This has been discussed to death, and not too long
> ago. Go back and read the old threads about it.
>
> The sky is NOT falling.
>
>
I agree with what you say. There is a whole lot I do not understand.
But by necessity I have become well versed about SELinux and have it
turned off. So this is one thing that is not going to cause the next
time my linux fails.
--
Karl F. Larsen, AKA K5DI
Linux User
#450462 http://counter.li.org.
More information about the users
mailing list