Re: SELinux - null security context

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Wed, 2009-01-28 at 23:00 -0500, Rob Kampen wrote:
> Last resort was the 'touch /.autorelabel' and reboot. This took nearly
> an hour but once it came up all was well.
> Thanks for the pointers Filipe.
> At what point would it be safe to go to enforcing? What logs should I
> be inspecting for warnings?
> I find SELinux real hard to get my head around, extensive reading and
> still I don't get it clearly enough to where I understand it and feel
> safe committing my business server to it. And when something like this
> occurs and it takes the server down for an hour to clean it up.... not
> really production ready. 
> I'm getting ready to head for PCI-DSS audit and thought SELinux
> enforcing would be a help......any comments from those with more
> experience??
----
you shouldn't have to relabel a filesystem unless you had turned SELinux
off for a while. So that shouldn't be necessary again.

I also gathered that the RHEL 5.3 release has a bunch of the newer tools
from virtually current Fedora like SETroubleShooter which should make
life a lot easier.

I gather that CentOS 5.3 will be released in the next week or so and I
would probably wait until you have it running fine for a week or two in
permissive mode and have squashed any alerts and you should be good to
move to enforcing.

Craig

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux