Bob Hoffman wrote:
> On 6/22/2012 9:50 AM, m.roth@xxxxxxxxx wrote:
>> Bob Hoffman wrote:
>>> On 6/21/2012 12:44 PM, Keith Roberts wrote:
>>>> On Thu, 21 Jun 2012, Bob Hoffman wrote:
>>>>> From: Bob Hoffman<bob@xxxxxxxxxxxxxx>
>>>>>
<snip>
>> Another thing to consider (and I really, really don't enjoy suggesting
>> it), is selinux. Turn it on to at least permissive, and it'll bitch and
>> moan if something's changed. Turn it to enforcing, and *nothing* will be
>> allowed to be changed. It is, however, a royal pain to configure, esp.
>> when you want to be able to allow a directory for users to put pics.
>>
> Would love to use SElinux. I searched high and low for any kind of
> manual and there was none.
Look for RHEL's 5 or 6; there's professional documentation.
Not that anything's that wonderful.
There's also the selinux list.
<snip>
> One thing I learned...SElinux in permissive mode only gives a warning
> once for an issue...and never again. Makes it hard
> to play with it that way, would prefer a constant error variable to keep
> them coming.
Not true. It will issue an AVC every time something tries to happen. Big
things to know:
a) ll -Z shows you the selinux context
b) chcon [-R] -[urt] <whatever> <file or directory>
c) getsebool and setsebool
mark
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
