Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

I am *this* close to disabling selinux!

Matthew Gillen wrote:
>> Did it change the default policy, or just the running policy?
> Neither.  It set a property on the file itself (stored by the filesystem).
> The texrel_shlib_t is basically a group that needs to do something that most
> programs shouldn't need to do.  Video codecs are notorious for this
> technique though (which is probably one of the reasons they have so many
> security problems).

Yeah, I finally understood that after I sent that email through more
Googling, and studying sealert's output more closely.

>> So yes, there's this pretty good tool if you stumble upon it, but how
>> can you have a tool that's so invasive without accessible documentation?
> That issue is sort of endemic to linux in general ;-)

Agreed, of course, but most of the software that effects the whole
system like that are better documented, with the clear exception of X
configuration, which will always be black magic.

> Part of the answer is that it's still being developed.  You might look this
> site for more info on the setroubleshoot tool:

While that page is now only moderately useful, it's a good start, and
it's a place to capture more information.  After I read more of what's
there now, I'll see if I can contribute anything.


This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /