selinux strangeness
Jamon Camisso
jamon.camisso-H217xnMUJC0sA/PxXw9srA at public.gmane.org
Wed Jul 1 15:34:50 UTC 2009
Zbigniew Koziol wrote:
> Jamon Camisso wrote:
>> LD_ASSUME_KERNEL will fix that.
>> Read http://people.redhat.com/drepper/assumekernel.html for more.
> I did in the past something like that. Perhaps on another system. Dont
> assume however that I understand what I did or what you wrote...
> I actually right now do not understand what you wrote... ;)
I don't assume anything which is why I pointed out the information. What
you choose to do with it is entirely up to you, I don't know the
intricacies of your system to be able to spoon feed an answer (though
plugging the original error message into google and retrieving that
first result seems close enough).
> The situation is really crazy. Now, I find that when I issue "xdosemu"
> command from terminal window, it sometimes works. And.. sometimes it
> does not work, producing error message. This is a something entirely out
> of mind.
Set that environment variable and then see.
>>
>> People tend to blame selinux for a lot of problems that they haven't
>> encountered before, but generally, if your problem is selinux related,
>> there will be a message in /var/log/messages and
>> /var/log/audit/audit.log.
>
> I know about these messages.
>>
>> selinux isn't the boogeyman (turn it back on), though I dislike
>> working with it sometimes since the logged messages are rather verbose
>> and yet still somewhat cryptic.
>>
> I disagree somewhat about all this selinux. If one can not understand
> security, than that is not security.
That's the advantage of selinux, you can't break it if you don't
understand it, all you can do it turn it off. It is an effective way to
keep people who should know better from making a mess in their system.
To turn it off you have to be root and have to know that you're turning
it off. If you break something after that, it's a simple matter of pebkac.
> Besides, what a hell is this selinux for? Anyone around could really
> explain? I mean - I do probably know what for (and I doubt that the
> model used there is really useful commonly), but I want to hear from the
> list.
It enforces mandatory access controls via the kernel's lsm framework.
http://magazine.redhat.com/2007/05/04/whats-new-in-selinux-for-red-hat-enterprise-linux-5/
Jamon
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
More information about the Legacy
mailing list