SELinux works with anything, one simply builds the policy to allow it.
You also can trivially change all references to any device or drive with
sed/awk.
Just go look at the profiles in /etc/selinux/
Generate policy rules using audit2allowReference:
http://ramblings.narrabilis.com/wp/selinux-targeted-preventing-gnome-volume-manager-from-automounting-filesystems/
On Sun, Oct 18, 2009 at 8:39 PM, Ed <
plug@0x1b.com> wrote:
> On Thu, Oct 15, 2009 at 6:35 PM, Craig White <craigwhite@azapple.com>
> wrote:
> > On Thu, 2009-10-15 at 07:27 -0700, Vaughn Treude wrote:
> >> On 10/14/2009 10:27 AM, Craig White wrote:
> >> > On Wed, 2009-10-14 at 06:47 -0700, Vaughn Treude wrote:
> >> >
> >> >>> I have found SELinux to be much better in Fedora 11 that the problem
> >> >>> that it was in F10. Eventually you want to try running with it
> >> >>> enforcing.
> >> >>>
> >> >>>
> >> >>>
> >> >> I need to research SELinux; I'm not very familiar with what it
> >> >> does.
> >> >> Thanks for the feedback.
> >> >>
> >> > ----
> >> > one of the reasons I suggested that you run 'fixfiles onboot' is that
> >> > when you create files on other computers or in locations other than
> >> > where they are stored, they will always have the wrong security
> context.
> >> > 'fixfiles onboot' does a complete relabel of your files.
> >> >
> >> >
> >> Sounds like I may also need to do this if I reboot in Centos and do
> >> anything with the Fedora partition, and the reboot in Fedora. Am I
> right?
> >> Vaughn
> > ----
> > probably need to be more specific on how mounts are done in both.
> >
> > security contexts are different throughout the file system so if you
> > relabel the Fedora partition when you boot CentOS or vice versa, you are
> > likely to cause some real headaches depending of course what is being
> > mounted and where it's being mounted.
> >
> > Craig
> >
>
> Pardon the late reply - If you want to explore SELinux by way of
> virtualization, I understand that SELinux works with KVM while it may
> not with other virtualization systems. Any confirmations out there?
>
> Ed
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
--
Skype: (623)239-3392
AT&T: (503)754-4452
www.obnosis.com
http://www.obnosis.com/motivatebytruth/will_work_4_bandwidth.jpg
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
239-3392%0A>%20AT&T:%20(503)754-4452%0A>%20www.obnosis.com%0A>%20http://www.obnosis.com/motivatebytruth/will_work_4_bandwidth.jpg%0A>%20---------------------------------------------------%0A>%20PLUG-discuss%20mailing%20list%20-%20PLUG-discuss@lists.plug.phoenix.az.us%0A>%20To%20subscribe,%20unsubscribe,%20or%20to%20change%20your%20mail%20settings:%0A>%20http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss "Reply to this message")
(text/plain)