On 05/10/2016 12:08 PM, m.roth@xxxxxxxxx wrote:
Which assumes that setting selinux to enforcing doesn't break your websites, or the locally-created root directories that have been created before an actual sysadmin came onboard, or....
That's my biggest problem with SELinux. I suppose at some point I need to invest both time and money and take a class on it, but every time I try to use it - it gets in the way and when I try to resolve it, the documentation is very confusing and I think the documentation often makes assumptions about concepts being known that I don't know.
I know that it can be a significant benefit when you are attacked with an exploit that either is either zero-day or hasn't been patched, but so far when I have tried enabling SELinux it ends up taking up hours and hours and hours of my time.
And sometimes the problems are things like tmpfs - I don't remember exactly what it was, but I had an issue where when I finally got help, the answer was don't use tmpfs if you have SELinux enabled.
I want to use it, I do, but so far it has only caused me grief. _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx https://lists.centos.org/mailman/listinfo/centos
