Re: What's this error message telling me?
On Sun, Jun 17, 2007 at 13:22:07 -0600, Telly Williams wrote:
> Florian Kulzer wrote:
> >
> >I think that depends on how restrictive your SELinux setup is. Can you
> >turn SELinux off and try to install slib again?
> >
> >
> Whoa. I did 'echo 0 >/selinux/enforce' and now everything works, including
> Open Office. Thanks Florian.
>
> I just began using SELinux and trying to understand how everything works.
> Why wouldn't it let me install slib while I was root? Is it that there's no
> such thing as a Super User in SELinux? ~Telly
As far as I understand it, the point of SELinux is to be able to put
finer-grained restrictions on everybody, including root. For example,
you might want to forbid root to do certain things if he/she is not
sitting in front of the keyboard. That way you can limit the damage that
a remote attacker can do even if he/she manages to gain root. This gives
you more security, but it also means that you can lock yourself out if
you are not careful with your policies. Completely disabling SELinux is
just a quick-and-dirty check to see if it is indeed the cause of your
installation problems. The next step, as Ron has already pointed out, is
to check the logs to find out which policy you have to relax, and to
figure out how to relax it just enough to let the next slib upgrade
happen without problems.
The same goes for OpenOffice. It will probably still take a while until
the default policies are optimized for all applications. One should
probably also keep in mind that the primary purpose of SELinux is to
improve the security of servers, therefore it will naturally be more of
a hassle to make applications work which are normally not run on a
server.
--
Regards, | http://users.icfo.es/Florian.Kulzer
Florian |
Reply to: