From: Andreas Schuldei <andreas@schuldei.org>
To: SE-Linux <selinux@tycho.nsa.gov>
Subject: Re: selinux and kde
Date: Tue, 24 Aug 2004 14:26:46 +0200 [thread overview]
Message-ID: <20040824122646.GA1655@lukas.schuldei.com> (raw)
In-Reply-To: <20040823234320.GC12720@lkcl.net>
* Luke Kenneth Casson Leighton (lkcl@lkcl.net) [040824 03:46]:
> ... does anyone ever actually _use_ strict selinux policy enforcing
> and successfully run kde under it??
>
> i mean, i know i've been doing a lot of messing about trying
> to get things to work, including perhaps unnecessarily adding
> a policy for k3b (and cdrecord) and one for usbmount, and
> fireflier too, but a 1,800 line patch to the default 1.14
> policy is a heck of a lot of messing.
i agree. i set up a debian unstable server some weeks ago and
installed (quite painfully) selinux, running into most of the
problems you encountered before. when it was up it crashed
regularly at least every other day, since i compiled a kernel
without apm (following a hunch), which improved the situation
drastically and the server reaches uptimes of up to seven days
now.
the amount of avc messages i got when running normal operation
without any special stuff (postfix mostly, where spam filtering
with spamd is the most advanced operation i do) discouraged me
slightly to pursue this path right now.
i conclude that debian is not a viable platform for selinux for
non-selinux development right now. this is a real tragedy since
both russel and colins were working on it some time ago as their
prime platform, pushing it hard on debian, but i guess the
enormous debian initeria and the reluctance to include their lib
into base along with their jobs at redhat killed it for now.
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2004-08-24 16:03 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-08-23 23:43 selinux and kde Luke Kenneth Casson Leighton
2004-08-24 8:56 ` Thomas Bleher
2004-08-24 14:49 ` Luke Kenneth Casson Leighton
2004-08-24 22:04 ` Luke Kenneth Casson Leighton
2004-08-29 17:27 ` Russell Coker
2004-08-30 9:34 ` Luke Kenneth Casson Leighton
2004-08-24 12:26 ` Andreas Schuldei [this message]
2004-08-24 22:19 ` Luke Kenneth Casson Leighton
2004-08-24 23:18 ` Erich Schubert
2004-08-29 17:29 ` Russell Coker
2004-08-29 18:46 ` Andreas Schuldei
2004-08-30 0:40 ` Russell Coker
2004-08-30 10:01 ` Luke Kenneth Casson Leighton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20040824122646.GA1655@lukas.schuldei.com \
--to=andreas@schuldei.org \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.