On Sat, Nov 30, 2013 at 3:31 AM, ToddAndMargo <[log in to unmask]> wrote:

> Hi David,
>
>   Loved the article.  I understood all about the cartoons and
> the dogs and cats.  Perfectly done.  Unfortunately, when the
> real world kicked in: zoom, right over my head.
>
>   Who sets up these labels and how is that done?  Some GUI
> for this?

In theory, people like David, when creating RPM packages, incorporate
some guidelines. And in testing, one can set SELINUX to "permissive",
and record what violations are being reported. With that in hand, and
some system knowledge, you can tune the SELinux settings, update the
package installers, and go another round.

In practice? Few developers are willing to help write good packages,
and many completely ignore the File System Hierarchy, so they wind up
putting stuff in all *sorts* of places. And it winds up the RPM
authors'  problem to straighten out any SELinux conflicts. Our friends
upstream at Fedora and Red Hat are pretty good about it. But when
developing home or buisiness layouts with personnel who've not dealt
with it, it's usually easier to just turn SELinux off or set
permissive, and try to clean up if and when you have cycles.