Re: Selinux extra packages and compiled apps

On Tue, 6 Sep 2011, John Doe wrote:

> Nothing wrong; I already read it, and will read the Red Hat doc...
> Just looking for all the doc I can find on the subject.
> And maybe also for the hidden secret magic button that will auto-write
> the hundreds of custom policies we will need...
> Creating a custom policy for an apache to use a non-standard rootdir or
> port seems indeed easy with audit2allow...  But several of our servers
> are more or less 10% standard (rpm based) and 90% custom, with dozens
> of apps/scripts listening on dozens of non-standard ports, sockets, accessing
> many files here and there...
> So the task is a bit daunting.


This illustrates a point I was making to Russ offlist... the only way I
see to implement selinux in an 'enterprise' environment is to do it on a
major version revision.  And you will need buy-in up to the 'C' level to
beat back the murderous hordes of programmers and admins whose stuff
will 'break'.  Or you sign up to an endless treadmill of piecemeal
selinux admin.

(IMO selinux is great...)

----------------------------------------------------------------------
Jim Wildman, CISSP, RHCE       jim@xxxxxxxxxxxxx http://www.rossberry.net
"Society in every state is a blessing, but Government, even in its best
state, is a necessary evil; in its worst state, an intolerable one."
Thomas Paine
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
