SELinux Understanding

Karl Larsen k5di at
Fri Oct 12 21:50:20 UTC 2007

Tim wrote:
> On Fri, 2007-10-12 at 14:38 -0600, Karl Larsen wrote:
>>        All files, directories, devices ... have a security context/label 
>> associated with them.  These context are stored in the extended  
>> attributes of the file system.  Problems with SELinux often arise from 
>> the file system being mislabeled. This can be caused by booting the 
>> machine with a non selinux kernel.  If you see an error message containing 
>> file_t, that is usually a good indicator that you have a serious  
>> problem with file system labeling.
>> Now I have used some of these ideas today. The list suggested and I did. 
>> But this stuff is not the kind of thing a person not using Linux in 
>> business wants to know about.
> Well, how many business users, that aren't computer savvy enthusiasts do
> you expect to be dual-booting with different kernels?  You'll probably
> find that not-only do many business users not do anything near the
> complexity of that, many don't even bother with installing any updates.
> Normally, you can expect SELinux to be something that just happens in
> the background, along with a thousand other things that you don't know
> about your computer.  Also, there's a plethora of *other* things that
> can go wrong that can be just as flumuxing to the user.
>> So why would a desktop user ever want to run SELinux :-)
> For added security.  This has been discussed to death, and not too long
> ago.  Go back and read the old threads about it.
> The sky is NOT falling.
    I agree with what you say. There is a whole lot I do not understand. 
But by necessity I have become well versed about SELinux and have it 
turned off. So this is one thing that is not going to cause the next 
time my linux fails.


	Karl F. Larsen, AKA K5DI
	Linux User

More information about the users mailing list