Re: selinux is a pain

---

• From: Robert Nichols <rnicholsNOSPAM@xxxxxxxxxxx>
• Date: Tue, 20 Sep 2011 19:59:11 -0500

---

On 09/20/2011 03:10 PM, Alan Cox wrote:

In some perhaps. The big cases it helps are desktop (mostly protecting
against browser stuff) - where it usually just works, and web serving,
where it's most definitely valuable but does mean reading the docs.

I always find it interesting when people say that, since the browser
actually runs unconfined**. There is a boolean that confines browser
plugins, but its default state is OFF, and quite a few things stop
working if you turn it on.

Even with all the nonstandard things I do with my system, I'm still able
to run with SELinux in enforcing mode quite nicely. Prior to about
Fedora 12, I couldn't do that. The tools to allow mere mortals to
analyze problems and make needed policy changes weren't up to the task,
and each new Fedora release made changes that forced you to throw out
much of what you had learned and work it all out again. That now
seems to be all in the past. My biggest problem these days is that I
have so little need to use the tools that I forget how.

** I'm running CentOS 6 on my primary machine. Perhaps things are
different in the latest Fedora release.
# ps -Z $(pgrep firefox)
LABEL PID TTY STAT TIME COMMAND
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 31756 ? Sl 2:26
/usr/lib64/firefox-3.6/firefox

--
Bob Nichols "NOSPAM" is really part of my email address.
Do NOT delete it.

--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

---

• References:
  • selinux is a pain
    • From: Martín Marqués
  • Re: selinux is a pain
    • From: Joe Zeff
  • Re: selinux is a pain
    • From: Martín Marqués
  • Re: selinux is a pain
    • From: Marcus D. Leech
  • Re: selinux is a pain
    • From: Alan Cox

• Prev by Date: Re: Samba problems. Samba master fight with Linksys E4200 wireless router with storage ?
• Next by Date: Re: selinux is a pain
• Previous by thread: Re: selinux is a pain
• Next by thread: Re: selinux is a pain
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Fedora aint playin around w/Firefox 3. ... with the freeness of the software, and 2) if you disagree then simply ... The "Services" are built into the browser provided by the company(+ ... open source software is the agenda of the developers (in all fairness ... the options are all enabled exactly as with the Fedora version. ... (Fedora) Re: Call for vote: Nautilus use Browser view for fedora 11 ... Lets use the browser view of nautilus in the next fedora release. ... Well, scientific or not, I never use Nautilus in any mode other than browser mode. ... Why force a user to open a window for every single folder as one opens one subfolder after another? ... (Fedora) Re: Fedora aint playin around w/Firefox 3. ... The "Services" are built into the browser provided by the company(+ ... Perhaps they should not be enabled by default in Fedora? ... open source software is the agenda of the developers (in all fairness ... I installed FF 3 on Ubuntu yesterday and can't honestly remember. ... (Fedora) Re: Call for vote: Nautilus use Browser view for fedora 11 ... Lets use the browser view of nautilus in the next fedora release. ... Tabbed browsing is "hot" these days ... (Fedora) Re: Call for vote: Nautilus use Browser view for fedora 11 ... Lets use the browser view of nautilus in the next fedora release. ... My taskbar fills up in notime each time i open a new folder ... (Fedora)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• Mailing-Lists
• Newsgroups
• About
• Privacy
• Search
• Imprint

linux.derkeiler.com  > Mailing-Lists  > Fedora  > 2011-09