Reiser FS + SELinux.... no?
Poophead
2005-04-28, 02:56 PM CDT
Hello,
This is related to the last post in this forum - why can't SE Linux be used with Reiser FS?
Reiser is just a filesystem, it should have no say or condition on what software runs on top of it.....?
Also, I would like an encrypted filesystem, using Reiser and SE.
I also maybe want a (transparently) compressed FS as well! :)
No possibilia.....? :)
Come on, someone tell me it's not true........? :)
Finalzone
2005-04-28, 03:46 PM CDT
Read this article (http://www.redhat.com/magazine/001nov04/features/selinux/)
Here is one key quote:
The ReiserFS code in Fedora does not properly support labelled operation with SE Linux as Hans Reiser has no interest in XATTR support before Reiser4.
Poophead
2005-04-28, 04:09 PM CDT
OK,
In any case, I have a little trouble understanding what all this stuff DOES - if I have a file, and I chmod a-r it, SE Linux will not protect it any more than Linux normally does, will it?
I have a bit of a problem understanding the Security Enhanced part of it - it is just more of Access Control, not actually more protection for each thing that it is protecting?
(that is, files, am I right? or does it include running processes as well? But those are already very very thoroughly walled off from one another...)
SlowJet
2005-05-12, 08:33 PM CDT
OK,
In any case, I have a little trouble understanding what all this stuff DOES - if I have a file, and I chmod a-r it, SE Linux will not protect it any more than Linux normally does, will it?
I have a bit of a problem understanding the Security Enhanced part of it - it is just more of Access Control, not actually more protection for each thing that it is protecting?
(that is, files, am I right? or does it include running processes as well? But those are already very very thoroughly walled off from one another...)
Read this - http://www.nsa.gov/selinux/
Yes, it is about processes, not file security. It's about boundaries and access rules, not read and write.
A hacker can write if they are in the area. But if they are only in a user area they can only write (delete) the one user's data. A virus can take down the web site, but not the webserver, and / or the DB and kernel.
Bad code can take down the dhcp client service, but not samba.
But if and only if SELinux is running and defined for that service.
Turning off SELinux to use Res-FS (as one guy said, so he can scan his disk after hard resets) is a catch-22 circle. Prevent hard resets in the first place, and EXT3attr has journalling and can be restarted after a hard reset (tech talk for system crash).
I've installed NVidia video drivers with no noise from SELinux.
I've installed older programs, wine, a windows program, no noise from SELinux,
because it was all running in the correct area.
Welcome to the 21st Century, ;)
FC4 has even more SELinux inside.
SJ
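
Added example, not part of the thread and not code from any poster: SELinux keeps each file's label in the security.selinux extended attribute, which is why a filesystem without working XATTR support cannot do the labelled operation the quoted article mentions. The Python sketch below reports whether a path is labelled, unlabelled, or on a filesystem that does not support the attribute; the function names and the sample labels in the comments are constructed for illustration.

```python
import errno
import os
import sys

# Extended attribute in which SELinux stores a file's security context.
SELINUX_XATTR = "security.selinux"


def parse_context(raw):
    """Split a raw label such as b'system_u:object_r:etc_t:s0\\x00' into fields."""
    text = raw.rstrip(b"\x00").decode("ascii", "replace")
    # The level field may itself contain ':' (e.g. s0:c1,c2), so split at most 3 times.
    parts = text.split(":", 3)
    if len(parts) < 3:
        raise ValueError(f"not an SELinux context: {text!r}")
    # Policies without MLS/MCS have no level; zip() then yields three fields.
    return dict(zip(("user", "role", "type", "level"), parts))


def label_state(path):
    """Return (state, context); state is 'labelled', 'unlabelled' or 'unsupported'."""
    if not hasattr(os, "getxattr"):  # os.getxattr only exists on Linux
        return "unsupported", None
    try:
        raw = os.getxattr(path, SELINUX_XATTR, follow_symlinks=False)
    except OSError as exc:
        if exc.errno == errno.ENODATA:
            # Filesystem can store xattrs, but this file carries no label.
            return "unlabelled", None
        if exc.errno in (errno.ENOTSUP, errno.EOPNOTSUPP):
            # Filesystem (or mount options) cannot store the label at all.
            return "unsupported", None
        raise
    return "labelled", parse_context(raw)


if __name__ == "__main__":
    # Usage: python3 label_check.py /etc/passwd /mnt/data/file ...
    for p in sys.argv[1:]:
        state, ctx = label_state(p)
        print(f"{p}: {state}" + (f" type={ctx['type']}" if ctx else ""))
```

The type field is what SELinux policy rules match on, independently of the owner and mode bits that chmod changes.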