How best get rid of SELinux?

Tim ignored_mailbox at yahoo.com.au
Sun Sep 23 06:59:42 UTC 2007


On Sun, 2007-09-23 at 01:11 -0500, Arthur Pemberton wrote:
> It takes less that a minute to find out 'man chcon'' :
> http://linux.die.net/man/1/chcon

chcon wasn't referred to in the list of see also man files at the bottom
of the selinux man file.  More hunting would have been required to know
about that command.  It's just another part of the obscureness of it.
At the very least, I'd expect man selinux to get me started with the
things I needed to know.

> u -> user
> r -> role
> t -> type
> 
> Manual modification of the security contexts aren't really expected of
> most people.

You need to know how to understand what's there when you're trying to
work out why you can't serve something, etc.  And they're still not
particularly coherent with the example I gave.

>>> Or a PNG file in my webserver directory:
>>> user_u:object_r:httpd_sys_content_t

That PNG is user user, object role, HTTP system content type?  WTF!
What the hell is an object role, and how is a PNG file a system
anything?

-- 
[tim at bigblack ~]$ uname -ipr
2.6.22.5-76.fc7 i686 i386

Using FC 4, 5, 6 & 7, plus CentOS 5.  Today, it's FC7.

Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.






More information about the users mailing list