Re: bind vs. bind-chroot

On Thu, April 13, 2017 3:05 am, Nicolas Kovacs wrote:
> On 13/04/2017 at 04:27, Robert Moskowitz wrote:
>> But make sure to have SELinux enabled if you do not run it chrooted.
>>
>> I have mine running that way.
>
> I bluntly admit not using SELinux, because until now, I mainly used more
> bone-headed systems that didn't implement it. Maybe this is the right
> time to get started.

Another alternative with at least the same level of security, though not
giving me any of the trouble I hear people sometimes have with SELinux, is
to run services in separate jails (or other containers) - with the base
system mounted inside the jail read-only (I use FreeBSD jails - apologies
for mentioning it, but Linux experts here can suggest a fair Linux equivalent).

Valeri

>
> I understand there's a wealth of information about SELinux. Any
> recommendations for a newbie-friendly primer? I don't mind to RTFM, even
> extensive documentation, but I prefer stuff that's well-written.
>
> Cheers,
>
> Niki
>
> --
> Microlinux - Solutions informatiques durables
> 7, place de l'église - 30730 Montpezat
> Web  : http://www.microlinux.fr
> Mail : info@xxxxxxxxxxxxx
> Tél. : 04 66 63 10 32
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> https://lists.centos.org/mailman/listinfo/centos
>


++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++