On Sat, Nov 27, 2010 at 10:58:00AM +1100, Alison wrote: > Hi, > > total newbie on CentOS. Just firing up an install of 5.5 on a > development webserver. Installed Webmin, Awstats, PHPMyAdmin and > Drupal successfully. Yet to work on Sendmail and Samba. SELinux in > enforcing mode, reporting "SELinux preventing ifconfig (ifconfig_t) > "read write" to /var/webminsessiondb.pag (var_t)". There is a reason that control panels are effectively unsupported; you just hit on one of those reasons. Although I must admit I don't fully grasp why webmin is referencing ifconfig_t. > Googled the error message without real success in finding fix - bug > reports showing. Question is whether worth pursuing as SELinux is the > way of the future. Or is SELinux a good idea that never really made > it's way into the sun. Thoughts please. There are only a small number of corner cases in which SElinux is not appropriate; for all other cases it should be enabled. It exists for a reason and is shipped fully enabled for a reason. Being able to limit access based on contexts and roles is an incredibly powerful tool which greatly improves the security of your server and the integrity of your data. Following is a list of very useful SElinux resources. http://wiki.centos.org/HowTos/SELinux http://wiki.centos.org/TipsAndTricks/SelinuxBooleans http://docs.fedoraproject.org/selinux-user-guide/f10/en-US/ http://fedorasolved.org/security-solutions/selinux-module-building http://centoshelp.org/security/selinux-common-commands-troubleshooting Some quality time with these resources will allow you to correct the SElinux exception you listed above and also give you a much better understanding of SElinux as a whole. John -- The best argument against democracy is a five minute conversation with the average voter. -- Winston Churchill
Attachment:
pgpFtO_NOTNGX.pgp
Description: PGP signature
_______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos
