Faites que le rêve dévore votre vie afin que la vie ne dévore pas votre rêve

I’ve been using Red Hat Linux since version 5.2 (back in 1998, I’m sure I still have the CD’s somewhere) I then switched to Fedora after the RedHat/Fedora merge. Since then I’m regularly testing the Fedora bleeding-edge version aka Rawhide, mainly on my laptop.

I’ve always left SELinux on permissive mode because I was annoyed by the flow of error messages. Now Fedora has enabled setroubleshoot and the baloon messages keeps popping on my desktop. So I tried to finaly solve this. After searching the web and reading a few fora, I found this :

# semanage login -l
Login Name                SELinux User              MLS/MCS Range
__default__               system_u                  s0
root                      root                      -s0:c0.c255
system_u                  system_u                  SystemLow-SystemHigh

You can notice that there’s only root here, not my regular username

# semanage user -l
                Labeling   MLS/       MLS/
SELinux User    Prefix     MCS Level  MCS Range                      SELinux Roles
root            user       s0         SystemLow-SystemHigh           staff_r sysadm_r system_r unconfined_r
staff_u         user       s0         SystemLow-SystemHigh           staff_r sysadm_r system_r
sysadm_u        user       s0         SystemLow-SystemHigh           sysadm_r
system_u        user       s0         SystemLow-SystemHigh           system_r
user_u          user       s0         s0                             user_r

These are the profiles available for use. After searching a little bit again, I ran this command:

# semanage login -a -s user_u jeo

“jeo” is my regular username ; now everything looks fine:

# semanage login -l
Login Name                SELinux User              MLS/MCS Range
__default__               system_u                  s0
jeo                       user_u                    s0
root                      root                      -s0:c0.c255
system_u                  system_u                  SystemLow-SystemHigh

No more annoying messages (well, sort of ; there’re some left, probably missing in the regular policy package) Great!