Re: SELinux - way of the future or good idea but !!!




Daniel J Walsh wrote:
> On 12/07/2010 12:46 PM, m.roth@xxxxxxxxx wrote:
>> Daniel J Walsh wrote:
>>> On 12/07/2010 11:59 AM, Benjamin Franz wrote:
>>>> On 12/07/2010 08:12 AM, Daniel J Walsh wrote:
 <mvnch>
>> What have you done for folks who have third-party software, either F/OSS
>> or COTS, or in-house developed stuff, *none* of which was written with
>> selinux in mind, and is *not* going to be rewritten any time soon?
>> You've seen me on the selinux list, and I have yet to figure out why I
>> see the complaints about contexts, since they *appear* to be temp files,
>> and I don't know where they're located, or where the CGI scripts are that
>> create them are, and *all* of it's got the added complexity that some of
>> that are on NFS-mounted directories.
>
> We have attempted to work with them, set up default labeling for them
> when we know about the problems, embarrass them when they say you need
> to disable SELinux.  Red Hat is working on new developer tools to help
> third party developers work on RHEL systems.   I am not sure what else I
> can do to get them to work with the security systems in place on RHEL.

Ok, it's good to know you are thinking about that. How 'bout a tool, point
it at a directory, and it reports only the files/directories that are
default, or break policy, or that *might* suggest where there's a problem
(scripts in this directory will write default_t if they run anywhere but
/here/only/, etc.)?

        mark

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
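
A minimal sketch of the report asked for in the message above, as an added example that is not part of the original thread and is not a Red Hat tool: it walks a directory and lists entries whose SELinux type is a catch-all or whose label cannot be read. The function names and the set of "suspect" types are assumptions made for this illustration.

```python
import os
import sys

# Assumed list of catch-all types that usually mean no specific
# file-context rule was applied to the path.
SUSPECT_TYPES = {"default_t", "unlabeled_t", "file_t"}


def selinux_type(context):
    """Return the type field of a user:role:type[:level] context, or None."""
    if not context:
        return None
    parts = context.rstrip("\x00").split(":")
    return parts[2] if len(parts) >= 3 else None


def read_context(path):
    """Read the label from the security.selinux xattr (symlinks not followed)."""
    try:
        raw = os.getxattr(path, "security.selinux", follow_symlinks=False)
        return raw.decode("utf-8", "replace")
    except OSError:
        return None  # no label readable on this path or filesystem


def scan(root, get_context=read_context):
    """Yield (path, reason) for each directory and file under root
    that has a suspect type or no readable label."""
    for dirpath, _dirnames, filenames in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            ctype = selinux_type(get_context(path))
            if ctype is None:
                yield path, "no label"
            elif ctype in SUSPECT_TYPES:
                yield path, ctype


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, reason in scan(target):
        print(f"{reason}\t{path}")
```

This only flags catch-all labels; to list files whose label differs from what the loaded policy expects, `restorecon -n -v -R <dir>` reports them without changing anything.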

