SELinux

Patrick Dupre pd520 at york.ac.uk
Sun Aug 29 21:25:35 UTC 2010 

On Sun, 29 Aug 2010, mike cloaked wrote:

> On Sun, Aug 29, 2010 at 6:14 PM, Erik P. Olsen <epodata at gmail.com> wrote:
>> On 29/08/10 18:42, Rex Dieter wrote:
>>> Patrick Dupre wrote:
>>>
>>>> On Sun, 29 Aug 2010, Rex Dieter wrote:
>>>>
>>>>> Patrick Dupre wrote:
>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> With fedora 13, when I use Math:GSL, I get an error message:
>>>>>>    Can't load '/usr/local/lib/perl5/auto/Math/GSL/Errno/Errno.so' for
>>>>>>    module
>>>>>> Math::GSL::Errno: /usr/local/lib/perl5/auto/Math/GSL/Errno/Errno.so:
>>>>>> cannot restore segment prot after reloc: Permission denied at
>>>>>> /usr/lib/perl5/DynaLoader.pm line 200.
>>>>>>
>>>>>> if I do not switch SELinux to permissive !!
>>>>>
>>>>> Seems something you installed yourself that's running afoul of selinux,
>>>>> fedora doesn't install anything into /usr/local/... by default.
>>>>>
>>>> Of course, I NEED Math:GSL !!!!
>>>
>>> OK, so... what's your point?  Your original post seemed to be blaming
>>> selinux here, for something that's not testable (ie, supporting/testing
>>> something not included in fedora).
>>
>> I would advise Patrick to disable Selinux. I've made that decision long ago
>> because it gives me more problems when enabled that I can possibly solve. IMHO
>> the user interface is so bad that selinux is unuseable for an ordinary enduser.
>>
>
> With many selinux issues with a bit of effort and help from a few
> experts the issues can often be resolved - I have been running all my
> systems with selinux enforcing since F9 - and the additional
> protection is worth it.  There are a few things from outside Fedora
> (like Crossover) that will only work in f13 with one selinux setting
> downgrading security but other than that I have no problem with any of
> the systems. The other thing that is worthwhile it actually reading
> the selinux guide and understanding how it ticks. That way you can
> often work around problems yourself with a bit of probing of the files
> and processes involved in an AVC denial.
>
> There are some real experts around on this list and they are often
> ready to make suggestions from their significant knowledge base that
> is worthwhile listening to and by responding and working with them
> then more often than not the issues can be resolved.

In my opinion, people involved in the fedora projetc should
work with the package makers, Math:GSL and Scilab for example
to see how they could make the installation and the
use of the package correct/compatible with SELinix !

-- 
---
==========================================================================
  Patrick DUPRÉ                      |   |
  Department of Chemistry            |   |    Phone: (44)-(0)-1904-434384
  The University of York             |   |    Fax:   (44)-(0)-1904-432516
  Heslington                         |   |
  York YO10 5DD  United Kingdom      |   |    email: pd520 at york.ac.uk
==========================================================================

More information about the users mailing list