Re: Completeley disabling SELinux?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



nate wrote:
> 
> I can certainly see value in SELinux in some environments, I have
> yet to operate one where it would provide value to me.

I find that SELinux runs in enforcing mode quite unobtrusively on my
laptop, where I'm running a pretty much out-of-the-box Fedora 10.
On my CentOS 5 desktop, though, forget it!  I'm doing too many
things like a dhclient-exit-hooks script that adjusts named.conf and
tells the daemon to reload, a script that saves some accounting info
when iptables is stopped, various cron jobs that invoke constrained
executables to do horrible things like write something to a file,
..., that sort of thing.  Every time I take a stab at enabling
SELinux in that environment and get close to figuring out enough
local policy adjustments and custom labeling to make it work, a
new release comes along and none of what I've done works any more.
On that system, all removable parts of SELinux have been removed,
and all security attributes have been purged from the filesystems.

-- 
Bob Nichols     "NOSPAM" is really part of my email address.
                 Do NOT delete it.

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux