Re: selinux??

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 25 January 2016 at 14:28, Tim <ignored_mailbox@xxxxxxxxxxxx> wrote:
> Allegedly, on or about 25 January 2016, bruce sent:
>> I fully get the need for security.. But if I can't get the security
>> working as it should, but I still need to build whatever the project
>> might be.. the project is going to get created.
>>
>> If running Selinux in permissive mode is enough, great, so be it.
>
> SELinux in permissive mode is *not* secure.  You're using the computer
> in an insecure mode, and all SELinux is doing is logging the things that
> it would have stopped.
>

I have actually once seen permissive mode preventing login, IIRC this
was something to do with PackageKit doing its own context based
checks.

As for the rest though, Miroslav's reply is spot on, if there are
specific problems or issues then get help from the selinux list to
sort them out, but the policy setup and tools are mature enough at
this point that it's rare. If Bruce is really concerned, run
permissive, check there's no alerts coming up then switch to
enforcing. Worst that happens is you have to kill that instance
because you lose access, and like I've said I think that's hard to do.
It's not something that's suddenly going to kick you out during
operation in any normal circumstance.

-- 
imalone
http://ibmalone.blogspot.co.uk
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org



[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux