Re: SELinux - way of the future or good idea but !!!




On Sat, Nov 27, 2010 at 10:58:00AM +1100, Alison wrote:
> Hi,
> 
> total newbie on CentOS. Just firing up an install of 5.5 on a
> development webserver. Installed Webmin, Awstats, PHPMyAdmin and
> Drupal successfully. Yet to work on Sendmail and Samba. SELinux in
> enforcing mode, reporting "SELinux preventing ifconfig (ifconfig_t)
> "read write" to /var/webminsessiondb.pag (var_t)".

	There is a reason that control panels are effectively
	unsupported; you just hit on one of those reasons.  Although I
	must admit I don't fully grasp why webmin is referencing
	ifconfig_t.

> Googled the error message without real success in finding fix - bug
> reports showing. Question is whether worth pursuing as SELinux is the
> way of the future. Or is SELinux a good idea that never really made
> its way into the sun. Thoughts please.

	There are only a small number of corner cases in which SELinux
	is not appropriate; for all other cases it should be enabled.

	It exists for a reason and is shipped fully enabled for a
	reason.  Being able to limit access based on contexts and roles
	is an incredibly powerful tool which greatly improves the
	security of your server and the integrity of your data.

	Following is a list of very useful SELinux resources.

	http://wiki.centos.org/HowTos/SELinux
	http://wiki.centos.org/TipsAndTricks/SelinuxBooleans
	http://docs.fedoraproject.org/selinux-user-guide/f10/en-US/
	http://fedorasolved.org/security-solutions/selinux-module-building
	http://centoshelp.org/security/selinux-common-commands-troubleshooting

	Some quality time with these resources will allow you to correct
	the SELinux exception you listed above and also give you a much
	better understanding of SELinux as a whole.




							John
-- 
The best argument against democracy is a five minute conversation
with the average voter.

-- Winston Churchill

