Re: SELinux survey (was RE: Stupid F7 boot loop)


 



Andrew Kelly wrote:
> On Wed, 2007-08-29 at 16:04 +0100, Jonathan Allen wrote:
>> On Wed, Aug 29, 2007 at 09:41:19AM -0500, Mikkel L. Ellertson wrote:
>>> From there you can decide if you want to disable selinux, or relabel
>>> the system so selinux works correctly.
>>
>> How is that (easily) done - I have to admit that now it is running
>> disabled, I'm very much tempted to leave it that way rather than
>> mess about "in flight" so to speak.  Presumably I'll save a little
>> mill time at a fairly minimal risk on a secure system ...
>>
>> Jonathan
>
> Forgive the invitation to discussion, but....
>
> I personally have immediately disabled SELinux on any and every box I've
> ever installed for myself, and grind my teeth any time I even see the
> word.
> Would any of you out there care to share with me any of your personal
> experiences with SELinux being useful to you (in any way whatsoever), on
> a single-user workstation?
>
> I'm quite willing to admit my ig'nerz on the subject and am open to
> being taught why the functionality is a Good Thing (tm).
>
> Andy

After reading several replies to this thread, I see "I am not alone" ...

I have SELinux turned on, in permissive mode.... every day I see various denial messages in my Logwatch report which I have not yet taken the time to figure out. They are cryptic to say the least. But, like so many things that appear complex at first glance, it just takes a little reading and experimentation. (e.g. iptables CLI commands)

At a high level, I understand the concepts of what SELinux is doing.... and like the idea, but I have not tried to learn how to use it. I suppose if I were feeling a little more brave, I would turn it on in "enforcing" mode then fight whichever fires flared up.

However, I have not made the time to do that...my "plan" (and I use the term loosely) is to figure it out, eliminate improper error messages from my Logwatch reports, and THEN try SELinux in enforcing mode....

That's the theory... in practice, I will probably wait until I have a spare box to run another Linux image on, and play with that one more aggressively.... :-)


--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list