So yesterday’s post apparently got a little interest – mostly positive, insomuch as it’s realized that there are a few issues. But wait! There’s more! Call in the next 10 minutes and we’ll super extra double size your order!
Tonight, I decided to install a virtual machine containing a copy of the latest experimental Ubuntu (that’s known as “Ubuntu unstable”). To do this, I decided to install Hardy Heron via a CD image (bootstrap via ISO) and then perform an upgrade to the experimental release (dist-upgrade using apt). I downloaded a CD image from the MIT Media Lab using Firefox, then fed this into virt-manager. It failed, with a nice backtrace.
Now, this would seem to be the kind of activity that many people would want to undertake. Downloading images, booting them inside a virtual machine manager, and then using the resultant virtual machine image. But more than just that, what I wanted to do wasn’t exactly rocket science – skip the virtualization bit if that makes you think this is complex, I’m just talking about downloading a CD image and using it somehow.
The reason this activity failed was because of the SELinux configuration. The CD image Firefox had downloaded was in a temporary file download context, living in my Download directory, whereas virt-manager is not allowed to read from this kind of file until you’ve blessed it with a magical incantation of chcon. So, in this case, the “Microsoft Windows Vista” approach to security won out – get in the way so much that the user is quickly driven to distraction and inclined to turn it off. As I am, almost. After precisely one day of using SELinux in enforcing mode on a laptop (which has an encrypted disk and is only used by me) I’m about ready to throw it away…I’d hate to be an end user trying to manage this stuff.
No, this isn’t just like moving to UNIX permissions and groups. With the former, everything is well documented and widely understood already, but more importantly, there are nice tools to manage them. For example, right clicking on the file in the graphical file management application (nautilus) allows one to do many things, including viewing the SELinux context, but not actually changing this. I can’t find a nice pretty way for users to do this without having to grep through the policy files (to find out what the context should be) and then run other commands from the console. The point is, it’s a bit early in the game to have such complex policies with crazy numbers of contexts if users can’t easily manage this stuff. They need to be able to fix the problem too.
I tried to stop always blaming SELinux for everything by forcing myself to actually use it, but I’m beginning to regret this decision.