dingo at coco2.arach.net.au
Wed Aug 10 08:34:18 CDT 2005
Michael Shigorin wrote:
>>No silly sagas like selinux is Stable (aka Woody). For those
>>who don't know, selinux didn't actually work in Woody though it
>>was supposed to. Croker and the others couldn't get the fixes
>>into Woody because "they are not security-related."
> Well the favourite selinux advice on Fedora media is "turn it off"...
> seems like it's a default even.
It was a bit of a shock to me when (on my WBEL box) I couldn't serve www
stuff from /var/local - the standard rules prohibit Apache from doing
that, and turning it off is very tempting.
But there are people persevering with it, and that's good for all of us.
> Still it should get more testing than being just not compiled in.
> And that's the point.
I have a Sarge box (originally Woody I think) and I thought I'd try
selinux on it - without reading the instructions. I installed all the
obvious selinux stuff I could find with apt-cache. I'm not sure how
close I am because I don't see an selinux-supporting kernel.
Having done that I noticed some missing programs I've been using on FC:
setfattr amd getfattr.
Now, I used to use OS/2 and I even tried to write some C code. OS/2 has
always (I think) supported extended attributes. Extendaed attributes are
used to support (properly) long file names on FAT filesystems, to store
user data descrbing a file - EPM (a text editor) can use EAs to describe
highlighting in C code: since the C compiler doesn't understand EAs, it
ignores them when compiling the code. They're also used to attach icons
to objects (typically but not necessarily files and directories), and to
describe subclasses of files and directories such as wordprocessor
And the kernel supports searching directories using these extended
attributes as search arguments: it could return a list of MSWord
documents _even if_ they didn't have names ending on .DOC.
Anyway, I'm a great fan of EAs and I have started using them in a script
or to to store information about files, and these programs are the
commandline tools to do it.
Also, EAs are used on Linux to support ACLs and by selinux.
So I figure my Sarge box isn't close to working yet.
I _must_ upgrade my Warty box<->.
More information about the sounder