>
> The best thing to do is add this to /etc/selinux/config
>
> SELINUX=disabled
>
> And then get on with the real jobs....
>
Listening to all the pros and cons of SELinux.
I'd like to improve the security of our regional web server using SELinux.
We have a main regional web site and several virtual domains, kept up by
private users, all on the same server. Some of the private users want to run
php and database apps on their websites. Up till now I steered away from
allowing users to run anything on their sites, since a breakin to any
private virtual domain would endanger the whole http process, including the
main regional site. I'm preparing to switch over to a new (CentOS 4)
machine, and I thought to set up a different SELinux context for each
virtual domain, so that a vulnerability in someones private web site would
be isolated and not be able to crash the other domains.
Is this achievable *without* SELinux??
Thanks,
Micha
