Horked-up system, Fedora 11
Lisa Kachold
lisakachold at obnosis.com
Mon Oct 19 08:52:55 MST 2009
SELinux works with anything, one simply builds the policy to allow it.
You also can trivially change all references to any device or drive with
sed/awk.
Just go look at the profiles in /etc/selinux/
Generate policy rules using audit2allowReference:
http://ramblings.narrabilis.com/wp/selinux-targeted-preventing-gnome-volume-manager-from-automounting-filesystems/
On Sun, Oct 18, 2009 at 8:39 PM, Ed <plug at 0x1b.com> wrote:
> On Thu, Oct 15, 2009 at 6:35 PM, Craig White <craigwhite at azapple.com>
> wrote:
> > On Thu, 2009-10-15 at 07:27 -0700, Vaughn Treude wrote:
> >> On 10/14/2009 10:27 AM, Craig White wrote:
> >> > On Wed, 2009-10-14 at 06:47 -0700, Vaughn Treude wrote:
> >> >
> >> >>> I have found SELinux to be much better in Fedora 11 that the problem
> >> >>> that it was in F10. Eventually you want to try running with it
> >> >>> enforcing.
> >> >>>
> >> >>>
> >> >>>
> >> >> I need to research SELinux; I'm not very familiar with what it
> >> >> does.
> >> >> Thanks for the feedback.
> >> >>
> >> > ----
> >> > one of the reasons I suggested that you run 'fixfiles onboot' is that
> >> > when you create files on other computers or in locations other than
> >> > where they are stored, they will always have the wrong security
> context.
> >> > 'fixfiles onboot' does a complete relabel of your files.
> >> >
> >> >
> >> Sounds like I may also need to do this if I reboot in Centos and do
> >> anything with the Fedora partition, and the reboot in Fedora. Am I
> right?
> >> Vaughn
> > ----
> > probably need to be more specific on how mounts are done in both.
> >
> > security contexts are different throughout the file system so if you
> > relabel the Fedora partition when you boot CentOS or vice versa, you are
> > likely to cause some real headaches depending of course what is being
> > mounted and where it's being mounted.
> >
> > Craig
> >
>
> Pardon the late reply - If you want to explore SELinux by way of
> virtualization, I understand that SELinux works with KVM while it may
> not with other virtualization systems. Any confirmations out there?
>
> Ed
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
--
Skype: (623)239-3392
AT&T: (503)754-4452
www.obnosis.com
http://www.obnosis.com/motivatebytruth/will_work_4_bandwidth.jpg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20091019/2a2bcccd/attachment.htm
More information about the PLUG-discuss
mailing list