I have been using Fedora for about two years. I love it except one thing: I can not get used to SELinux. SELinux in Fedora evolves rapidly and it is not uncommon that an updated SELinux breaks up other things. So here is my question: is it really useful for a desktop which doesn't have a whole bunches of services running except OpenSSH? I am deciding whether to disable SELinux for good.
View 2 Replies
I wonder if SELinux really are necessary for a home desktop ?
It only makes my computer use more problematic than it already is.
What can happend if I uninstall it on my Fedora 13 dist ?
Is the hole Internet going to come in to my computer and destroy it ?
If I uninstall SELinux, is the firewall uninstalled also ?
You can find a list of all the booleans for SELinux (Fedora 10) using getsebool -a My question is, is there a reference online that describes each one. Most of obvious but it's one of those "I have to know because it's there situation).
View 5 Replies View RelatedI've been trying to get SELinux working in OpenSUSE 11.2. So far I can get to runlevel 3 with enforcing=0. Before I start tinkering with audit2allow, The 11.2 repository gives me these policy rpms:
[URL]
But that version of policy has some issues in OpenSUSE:
1) failure to allow the graphical desktop to load (even with enforcing=0) . The following message appears in the console during boot:
** (gdm:1073): WARNING **: Couldn't connect to system bus: A SELinux policy prevents this sender from sending this message to this recipient (rejected message had sender "(unset)" interface "org.freedesktop.DBus" member "Hello" erro name "(unset)" destination "org.freedesktop.DBus") startproc: exit status of parent of /usr/sbin/gdm: 1 Since enforcing is off, I'm surprised to see a message like that. SELinux shouldn't be preventing anything, so I don't see how modifying policy will solve that. Ideas?
2) Attempting to boot to runlevel 5 with kernel parms "security=selinux selinux=1 enforcing=0", I'm dropped off in runlevel 3 instead. I'm getting a couple of pages of AVC errors after boot (see below). I've tried several other versions of the policy without luck:
- the version included in Fedora 12 (refpolicy-2.2009117
- the latest release from Tresys
- the latest from the repository at Tresys
[Code]....
I'm running into some problems setting up Tor on Fedora 14. I have followed the following guide to a T (although I realize it is for Fedora 10):orum.org/showthread.php?t=211516.I believe the problem is SELinux... but I'm not sure. Has anyone had any success running Tor in Fedora 14 without it bugging out? If not, is there some sort of Unix alternative?
View 12 Replies View RelatedHow can I solve the problem?
View 1 Replies View RelatedThere are several options available, such as "Ignore Alert" and "Turn off memory protection". What are the consequences of choosing one or the other?I'm new to Fedora and I'm not familiar with SELinux. Can someone please give me guidelines (or explanation) on how to deal with SELinux alerts?
View 7 Replies View RelatedI have installed Fedora 13 Beta released last week. I want to know if selinux is running on my box or not?What command can provide me such info?
View 5 Replies View RelatedI came across the following method of how to permanently disabling selinux and it's notifications. Although changing enforcement from the gui into permissive mode does most of the job, the notifications still pop-up when some applications are started.
So to disable it do the following:
open terminal as root and execute:
Quote:
And then change the SELINUX line to SELINUX=disabled
Quote:
This is it. Now reboot the system and selinux will never bother you again.
If you are not a Fedora user and you are using this forum just because we are cooler here then you will not find the /etc/selinux/config as in the fedora releases. What you need to do is to edit the kernel boot line and add selinux=0 at the end:
Quote:
Reboot the system
After my cloning problems this morning were resolved, I have been able to complete conversion of the clone to run from an encrypted root partition. However, I have been unable to enable selinux when running from the encrypted root. /etc/selinux/config contains the settings that work on my unencrypted system
SELINUX=enforcing
SELINUXTYPE=targeted
and it is not disabled from the grub bootline, but the encrypted system always comes up with selinux disabled. Attempting to enable it with the command setenforce 1 fails, and to add insult to injury, the selinux administration-gui shows that it is enabled and enforcing. The cloned, now encrypted, system was cloned via rsync -aHXv, so the selinux contexts/attributes have been maintained as near as I can tell. I did have to disable selinux while performing the rsync of the /selinux directory in order to get it to copy and I am wondering if there was still some issue with this method.
I know some of you are running from encrypted root fs's and was wondering: Do you have selinux enabled and is it functioning properly? Any suggestions as to how I might jumpstart it or force it to run? Maybe I should boot into the system and uninstalling/reinstalling selinux?
I just upgraded to fedora 12 via clean install with old /home partition and deleting old config files, and here is my issue. I need to edit the menu, and I need to set SELinux to permissive. OOo will not run with SELinux enabled for some reason, and besides, all my systems use SELinux in permissive. These two options no longer exist in the menu
View 7 Replies View RelatedI made the Selinux inactive with easylife how can I reactivate it.
View 6 Replies View RelatedI'm attempting to get MapServer running on my Fedora 13 computer. I was able to install with the package manager, and the executable (mapserv) was originally placed in /usr/sbin. But I need it in /var/www/cgi-bin to work on the webserver. So I copied the file to the right location. Unfortunately, it doesn't have the correct SELinux context. Here's the message from the troubleshooter:
SELinux denied access requested by /var/www/cgi-bin/mapserv. /var/www/cgi-bin/mapserv is mislabeled. /var/www/cgi-bin/mapserv default type is httpd_sys_script_exec_t, but its current type is httpd_sys_script_exec_t. Changing this file back to the default type, may fix your problem.
How's that for circular logic? Does anyone have an idea what the correct SELinux context for a cgi-bin executable might be?
Trying to keep selinux enabled. When I start SeLinux Troubleshooter from the menu, which is inautostart as well, It tells me SELinux not enabled, sealert will not run on nonSELinus systems".How do I get SELinux permanently started then
View 10 Replies View RelatedI get the SELinux and wine error. How can this be fixed?
View 1 Replies View RelatedI have trouble with my Fedora 14 on laptop, that I never had on previous Fedora versions (10-13).The SELinux not allow mplayer to play flv files and I cannot convert any files from flv to mp3.I have all codecs installed.Also Totem not works propely.I can shutdown SELinux (but dont want to) but there still remain (already installed) codec, which cant be found (decoder h.264).So its not matter if I shutdown SELinux because I still cant play flv
Ok so there are my error message (sorry for my english!):
Code:
ffmpeg
ffmpeg: error while loading shared libraries: libxvidcore.so.4: cannot enable executable
[code]...
My newly installed Fedora-14 (64-bit) has SELinux disabled. I can't find any way to enable it. I tried to set it manually in /etc/selinux/config to enforcing or permissive but nothing happens after reboot. In GUI configuration tool it is set to disabled and grayed out so that there is no way to enable it there. Is there another way to enable SELinux?
View 11 Replies View RelatedI tried to log in to my xguest account and it asked for a password, which it shouldn't, so there's a problem with SELinux.When I type getenforce it says it is disabled, yet when I go to /etc/selinux and look at the config, it is in enforcing mode and not commented out, type is strict.When I go to the SELinux management GUI I can't change the current enforcing mode and it's set to disabled and default to enforcing.
View 2 Replies View RelatedI have a Selinux Troubleshooting app but no Admin. How do I admin it?
View 1 Replies View RelatedI have accidentally locked myself out in the following manner. I have Fedora 13 with SElinux. The whole hard drive was encrypted at install with Fedora's standard method. Upon logging into a non-root account called "hoss", I set the policy (in gnome) System menu -> Administration -> SElinux administration -> User Mapping -> added the logged on user as a SElinux user with only user_u privileges. After reboot, I successfully log in as hoss, but now I get an error when trying to open the SElinux administration, any open office program, or any task requiring elevation with root password (the prompt never comes up). What is worse is I did not set the ability to login the console as root. This user now does not have write privileges to any of root's documents. I cannot access the hard drive from a remote source because it is encrypted. Is there any way whatsoever to now elevate myself to root to reconfigure SElinux? When I open the SElinux administration Should there not be a prompt that gives me a root password to be able to correct SElinux by removing "hoss" from the list? As of right now this account seems to be totally unable to be elevated to higher privileges. I cannot even use the Add/Remove software feature to apply patches to SElinux without a root password. Elevating to su in bash is also blocked.
View 3 Replies View RelatedI get constantly this error, how can disable clamav in SElinux, or there is maybe a rule for it?
SELinux is preventing the clamscan from using potentially mislabeled files (./clamav-366ce73c2b6ad30d9e062d
SELinux is preventing the clamscan from using potentially mislabeled files (/tmp/clamav.577/clamav-9c353ad9c85b
I doubt what 's difference of firewall and selinux. As far as I know... Firewall is security software for block unauthorized others connection. selinux is Linux-based security software.
View 2 Replies View Relatedhaving trouble understanding selinux. the domain is cluster containing permissions. a type is nothing more than a label applied to something like a file,right? so instead of applying the permission set of foo domain to the /etc/shadow file it would be apply label shadow_t to /etc/shadow and make the shadow_t apart of the foo domain?
View 1 Replies View RelatedWe have installed RHEL 5.4 on our servers and everything is running fine. Now I have gone through various server hardening checklist and most of them suggest to enable SELinux. We have several services running on Linux box. Now my question is, do we have to make any chagnes to the existing configurations if we enable SELinux. Or we just enable SELinux and leave it as it is. Because I have had prior experiences where SElinux will stop many services and restrict access to many libraries when enabled.
View 1 Replies View RelatedWhen I turn on my SeLinux to enforcing mode on my Red Hat system ssh stops working and my http server stops responding.
I went into the SeLinux GUI and enabled things in there but still it wont work.
Any thoughts on what to check?
permissive mode and disabled they work
I read several articles that say it should not be affect by SeLinux and the setting look correct but the only thing I do is turn on SeLinux and ssh /httpd stop working
ps -eZ | grep sshd
system_u:system_r:unconfined_t:SystemLow-SystemHigh 432 ? 00:00:00 sshd
system_u:system_r:unconfined_t:SystemLow-SystemHigh 2426 ? 00:00:00 sshd
[root@goxsa1340 ~]# ps -eZ | grep httpd
user_u:system_r:httpd_t 3044 ? 00:00:00 httpd
[Code].....
I'm getting the error described in this bug. The fix is described in the bug:Code:The following additional SELinux permissions were found to resolve the situation:
samba_domtrans_winbind_helper(httpd_t)
allow httpd_t winbind_helper_t:process signal;
apache_append_log(winbind_helper_t)
[code].....
am trying to Selinux in enforcing mode, but its giving below error.I have Ubuntu server 10.10root@ubuntu:/common# setenforce 1setenforce: SELinux is disabled
View 1 Replies View RelatedI always thought that whenever /usr/sbin/setsebool was used, it would write either a "0" or a "1" into the corresponding boolean file. All SELinux boolean files are in /selinux/booleans but If I check, for example, this boolean ...
[Code]....
I have a selinux alert every time I print to cups_pdf after upgrading to Centos 5.3 from 5.2. This never happened before. This is the alert I get
SELinux is preventing sh (cups_pdf_t) "search" to ./sbin (sbin_t)
It tells me to allow the access I need to run the cmd
restorecon -v './sbin'
I have tried it but nothing happens.
I turned on SELinux today on my laptop, but when I tried to reboot I found that I can't! The boot process stalls every time on "Starting system logger". A load of "permission denied" messages preceed that, including various items in /var/sys. Most flash by far too fast for me to note them down.
I have tried the backup kernel from the grub menu but get the same result. What has gone on here and what can I do to get around this?
