Re: Odd failure of smbd to start from init.d - CentOS 5.4 - it's that fine SELinux




On 05/25/2010 08:36 PM, Whit Blauvelt wrote:
>
> Thoughtful advice. Thanks. Is there some method to duplicate basic
> configuration files across selinux servers without running restorecon for
> each set of files that's copied over - that is, to copy them with their
> selinux labels intact?

Usually if you copy them directly to their destination, they'll have the 
correct context.  If you copy it to a different location first (like 
/home/) and then move it into place, it'll have the context that it got 
when it was created (like user_home_t).

I use bcfg2 to manage configuration files, for instance, and I don't 
believe that any SELinux contexts are broken as a result.

> From this limited example, it looks like selinux gets in the way of standard
> administrative tasks, yet wouldn't be in the way at all of anyone who'd
> acquired a shell within which they could run another shell and with that
> call whatever program they like.

No, it wouldn't, and it's not intended to.  It is intended to confine 
your system daemons so that an attacker cannot overflow a buffer and 
execute arbitrary shell code (for instance).
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
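
An added example (not part of the original message): a Python check for the symptom described in the reply above, files outside /home that still carry user_home_t because they were moved into place rather than copied. The function names and the sample paths and labels are constructed for illustration; on a live host the label is read from the security.selinux extended attribute.

```python
import os

# Type the message names for files created under /home; pass more types if needed.
HOME_TYPES = frozenset({"user_home_t"})


def context_type(context):
    """Return the type field of 'user:role:type[:level]', or None if malformed."""
    parts = context.rstrip("\x00").split(":")
    return parts[2] if len(parts) >= 3 else None


def read_context(path):
    """Read the label from the security.selinux xattr; None if absent or unsupported."""
    try:
        return os.getxattr(path, "security.selinux", follow_symlinks=False).decode()
    except (OSError, AttributeError):
        return None


def scan_tree(root):
    """Yield (path, context) for every file under root that has a label."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            ctx = read_context(path)
            if ctx is not None:
                yield path, ctx


def moved_from_home(entries, home_root="/home", home_types=HOME_TYPES):
    """Return paths outside home_root whose type is a home-directory type."""
    prefix = home_root.rstrip("/") + "/"
    return [p for p, ctx in entries
            if not p.startswith(prefix) and context_type(ctx) in home_types]


# Constructed sample labels (not from a real host): smb.conf was moved in from /home.
SAMPLE = [
    ("/etc/samba/smb.conf", "user_u:object_r:user_home_t"),
    ("/etc/samba/lmhosts", "system_u:object_r:samba_etc_t"),
    ("/home/admin/smb.conf", "user_u:object_r:user_home_t"),
    ("/etc/hosts", "system_u:object_r:etc_t:s0"),
]

if __name__ == "__main__":
    for path in moved_from_home(SAMPLE):
        print("restorecon candidate:", path)
    # On an SELinux host: moved_from_home(scan_tree("/etc"))
```
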

