selinux strangeness

Zbigniew Koziol softquake-Re5JQEeQqe8AvxtiuMwx3w at
Wed Jul 1 16:42:38 UTC 2009

Jamon Camisso wrote:
> Zbigniew Koziol wrote:
>> Jamon Camisso wrote:
>>> LD_ASSUME_KERNEL will fix that.
>>> Read for more.
>> I did in the past something like that. Perhaps on another system. 
>> Don't assume however that I understand what I did or what you wrote...
>> I actually right now do not understand what you wrote... ;)
> I don't assume anything which is why I pointed out the information. 
> What you choose to do with it is entirely up to you, I don't know the 
> intricacies of your system to be able to spoon feed an answer (though 
> plugging the original error message into google and retrieving that 
> first result seems close enough).
>> The situation is really crazy. Now, I find that when I issue 
>> "xdosemu" command from terminal window, it sometimes works. And.. 
>> sometimes it does not work, producing an error message. This is 
>> something entirely out of mind.
> Set that environment variable and then see.
>>> People tend to blame selinux for a lot of problems that they haven't 
>>> encountered before, but generally, if your problem is selinux 
>>> related, there will be a message in /var/log/messages and 
>>> /var/log/audit/audit.log.
>> I know about these messages.
>>> selinux isn't the boogeyman (turn it back on), though I dislike 
>>> working with it sometimes since the logged messages are rather 
>>> verbose and yet still somewhat cryptic.
>> I disagree somewhat about all this selinux. If one cannot understand 
>> security, then that is not security.
> That's the advantage of selinux, you can't break it if you don't 
> understand it, all you can do is turn it off. It is an effective way 
> to keep people who should know better from making a mess in their system.
> To turn it off you have to be root and have to know that you're 
> turning it off. If you break something after that, it's a simple 
> matter of pebkac.
>> Besides, what the hell is this selinux for? Anyone around could really 
>> explain? I mean - I do probably know what for (and I doubt that the 
>> model used there is really useful commonly), but I want to hear from 
>> the list.
> It enforces mandatory access controls via the kernel's lsm framework.
Thanks ;)

Well... I still claim that 93.37% of users of _this_ list do not 
understand what selinux is ;)

My feeling is that it is basically about local access control. Or.. if a 
hacker breaks in and compiles something as root then after installing 
shitty stuff these may not work. Good. But this is not a sort of 
security we are mostly used to think about, a kind that would prevent 
hacking the system from outside. It rather helps to keep the system 
intact from fool actions of users and... root.

There is a catch. Often, oh God, how often, I did install software from 
outside and then I had to suffer a lot because of crazy, cryptic error 
messages. The reason? Well... software was not compiled properly with 
selinux in mind...

Don't assume that I am entirely ignorant in this subject ;) I did play 
with selinux security ;)


> Jamon
> -- 
> The Toronto Linux Users Group.      Meetings:
> TLUG requests: Linux topics, No HTML, wrap text below 80 columns

The Toronto Linux Users Group.      Meetings:
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
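
The pointer in the thread to /var/log/audit/audit.log, as an added example
that is not part of the original message: a short Python sketch that condenses
the verbose AVC denial records into one readable line per distinct denial.
The log records and the program names in them are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample records in the audit.log format (not taken from the thread).
SAMPLE_LOG = '''\
type=AVC msg=audit(1246466558.101:812): avc:  denied  { execmem } for  pid=4211 comm="exampleapp" scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process
type=SYSCALL msg=audit(1246466558.101:812): arch=40000003 syscall=192 success=no exit=-13 comm="exampleapp"
type=AVC msg=audit(1246466559.440:815): avc:  denied  { read write } for  pid=4302 comm="exampled" name="example.conf" dev=sda1 ino=98211 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1246466561.002:820): avc:  denied  { execmem } for  pid=4350 comm="exampleapp" scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process
type=USER_AUTH msg=audit(1246466570.000:830): user pid=4400 uid=0 msg='op=PAM:authentication acct="root" res=success'
'''

# Header of an AVC denial: timestamp, event serial, and the denied permission set.
AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): '
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}')
# key=value pairs that follow the header; values may be double-quoted.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_denials(text):
    """Return one dict per 'avc: denied' record; other record types are skipped."""
    denials = []
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        f = {k: v.strip('"') for k, v in FIELD_RE.findall(line[m.end():])}
        denials.append({
            "time": float(m.group("ts")),
            "perms": tuple(m.group("perms").split()),
            "comm": f.get("comm", "?"),
            # A context is user:role:type:level; the type is what policy rules name.
            "source_type": f.get("scontext", ":::").split(":")[2],
            "target_type": f.get("tcontext", ":::").split(":")[2],
            "tclass": f.get("tclass", "?"),
        })
    return denials


def summarise(denials):
    """Collapse repeated denials into counted, human-readable lines."""
    counts = Counter((d["comm"], d["source_type"], d["perms"], d["tclass"],
                      d["target_type"]) for d in denials)
    return [f'{n}x {comm} ({src}) denied {"/".join(perms)} on {tclass} labelled {tgt}'
            for (comm, src, perms, tclass, tgt), n in counts.most_common()]


if __name__ == "__main__":
    print("\n".join(summarise(parse_denials(SAMPLE_LOG))))
```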
