Choosing A Webhost:
A web hosting service is a type of Internet hosting service that allows individuals and organizations to provide their own website accessible via the World Wide Web. Web hosts are companies that provide space on a server they own for use by their clients as well as providing Internet connectivity, typically in a data center. Web hosts can also provide data center space and connectivity to the Internet for servers they do not own to be located in their data center, called colocation. more...
|
Re: installation of selinux on non-selinux system: msg#00087
|
Subject: |
Re: installation of selinux on non-selinux system |
Daniel J Walsh wrote:
Selinux gives sort of a working system when using
system-config-securitylevel to enable selinux via the gui.(without
policycoreutils being installed) I am not too sure if this would
introduce "dep hell" if having policycoreutils pulled in when
selinux-policy for targeted or strict is pulled from a repo.
I have changed selinux-policy-targeted to require policycoreutils so
it will be pulled in in the future. Secondly from the looks of it you
are running strict policy. Please either run
system-config-securitylevel and select targeted policy and reboot.
(/.autorelabel) should be created and
or you can edit /etc/selinux/config and change SELINUXTYPE=strict to
SELINUXTYPE=targeted and touch /.autorelabel then reboot.
The init scripts will take care of relabeling.
Thanks for pulling in this package when installing
selinux-policy-targeted. This sounds like it will help reduce the
problem with httpd and system logs not being written when installing the
policy and activating selinux.
I changed to targeted using system-config-securitylevel and I liked the
warning that the system would relabel on next boot. Also, on the system
when rebooted, I liked the warning that relabeling might take some time.
Checking the log for avc errors after the system was relabled shows no
avc errors.
I'll keep in mind that strict policy is more current within rawhide. I
was not aware that the strict policy within FC3 would not be current.
Since FC3 was setup for targeted policy as default, I'll stay clear of
strict policy for awhile.
After relabeling my filesystem again in runlevel 1, I seem to get the
same type of errors as experienced before. .mozilla related files
seemed to be the major files that content was tried to be changed,
when relabeling for strict. See attached avc for today.
In order to bring up X, running setenforce 0 at a root shell was
needed, in order to launch X successfully. If there is some
lingering config file, either systemwide or hanging out in the per
user directory that is blocking X, I don't know.
The strict policy you are running 1.17.30 is way out of date. If you
want to run strict policy you need to grab the one off of Rawhide or
my people page and update and relabel. Upgrades from not SELinux
boxes are not supported for SELinux for the simple reason that
relabeling is required. So your machine ended up in a rather strange
state.
I have another computer with rawhide repositories. I'll try strict on
this system later on down the road. Rawhide was a little bit mongrelized
on the day after FC3 came out. In a week, it might be a little more in
tune. Regarding the need for relabeling being a roadblock for
non-selinux systems. It might allow the system to choose this at either
anaconda for install, but not activate selinux until either questions at
firstboot or when selecting policy from s-c-securitylevel.
Thanks for the helpful information.
Jim
Dan
--
A prohibitionist is the sort of man one wouldn't care to drink with
-- even if he drank.
-- H.L. Mencken
|
| |
