SELinux works with anything, one simply builds the policy to allow it. You also can trivially change all references to any device or drive with sed/awk. Just go look at the profiles in /etc/selinux/ Generate policy rules using audit2allowReference: http://ramblings.narrabilis.com/wp/selinux-targeted-preventing-gnome-volume-manager-from-automounting-filesystems/ On Sun, Oct 18, 2009 at 8:39 PM, Ed wrote: > On Thu, Oct 15, 2009 at 6:35 PM, Craig White > wrote: > > On Thu, 2009-10-15 at 07:27 -0700, Vaughn Treude wrote: > >> On 10/14/2009 10:27 AM, Craig White wrote: > >> > On Wed, 2009-10-14 at 06:47 -0700, Vaughn Treude wrote: > >> > > >> >>> I have found SELinux to be much better in Fedora 11 that the problem > >> >>> that it was in F10. Eventually you want to try running with it > >> >>> enforcing. > >> >>> > >> >>> > >> >>> > >> >> I need to research SELinux; I'm not very familiar with what it > >> >> does. > >> >> Thanks for the feedback. > >> >> > >> > ---- > >> > one of the reasons I suggested that you run 'fixfiles onboot' is that > >> > when you create files on other computers or in locations other than > >> > where they are stored, they will always have the wrong security > context. > >> > 'fixfiles onboot' does a complete relabel of your files. > >> > > >> > > >> Sounds like I may also need to do this if I reboot in Centos and do > >> anything with the Fedora partition, and the reboot in Fedora. Am I > right? > >> Vaughn > > ---- > > probably need to be more specific on how mounts are done in both. > > > > security contexts are different throughout the file system so if you > > relabel the Fedora partition when you boot CentOS or vice versa, you are > > likely to cause some real headaches depending of course what is being > > mounted and where it's being mounted. > > > > Craig > > > > Pardon the late reply - If you want to explore SELinux by way of > virtualization, I understand that SELinux works with KVM while it may > not with other virtualization systems. Any confirmations out there? > > Ed > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > To subscribe, unsubscribe, or to change your mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > -- Skype: (623)239-3392 AT&T: (503)754-4452 www.obnosis.com http://www.obnosis.com/motivatebytruth/will_work_4_bandwidth.jpg