On Sat, 9 Oct 2004 06:07, Temlakos <temlakos@xxxxxxxxxxx> wrote: > What do I need to consider when building > and running a new application in an SELinux environment? Those of you > out there running SELinux in enforcement mode--do you have any insights > you can share with me? Generally a well written program will not have any difficulties at all with SE Linux. But a badly written program that doesn't implement the best practices for secure Unix programming in a DAC environment will have bigger problems with SE Linux. Just do the smart things, don't have the program re-write it's own config files (have a separate process for doing this). Don't put things in /tmp with fixed file names or things that other processes may access, use /var/run/damon-name/whatever for Unix domain sockets. Use a fixed port number even if using Sun RPC for UDP and TCP. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page
