Re: SELinux - way of the future or good idea but !!!

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Wednesday, December 08, 2010 09:31 PM, Les Mikesell wrote:
> On 12/8/10 4:22 AM, David Sommerseth wrote:
>> On 30/11/10 03:52, cpolish@xxxxxxxxxxxx wrote:
>>> Christopher Chan wrote:
>>>> Les Mikesell wrote:
>> [...snip...]
>>>> As was already mentioned in another post, run in permissive mode, for a
>>>> few days if you must, and go through all the things the software does
>>>> and voila! setroubleshoot and/or logs tell you what needs doing.
>>>
>>> Very optimistic, that. In my shop, some things run annually.
>>> A comprehensive system test = production, for a year. Just
>>> this morning a 1099 (annual tax-form) script failed in test.
>>
>> So you would rather disable SELinux completely - 365 days a year, rather
>> than to switch to permissive mode when running this script once a year?
>>
>> I'm sorry, but I'm not able follow that logic.
>
> In our case if something fails once a year we lose customers and money.  I'd
> expect that to be fairly common.
>

Again, that particular process is unlikely to be missed and also show to 
be easily mitigated by doing a realtime switch from enforcing to 
permissive. Such annual processes are fairly common and usually run 
manually. You have yet to make a compelling case for completely 
disabling SELinux just for this sort of thing.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux