RE: SELinux?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I agree.  FTP doesn't work between two RH machines (for me) with Selinux enabled.  I can ftp to/from any other enviroment, but not between any two Selinux enabled Redhats.  So my RH auto ftp scripts disables, then re-enables, Selinux now.  
 
I could find no solution, nor did any one offer one here on the list.
 
Buddy> Date: Fri, 2 Nov 2007 09:23:57 -0500> From: arpotu@xxxxxxxxxxxxxx> To: redhat-list@xxxxxxxxxx> Subject: Re: SELinux?> > I agree that selinux is a step in the right direction, since it starts to> get past that "root owns everything" paradigm, but I would be much more> comfortable with it if I could *easily* view, create, and adjust> policies/context. As it stands now, selinux is a patch, not a fix. For> example, on reboot my mysql server doesn't start, but selinux isn't> mentioned as a culprit during boot. As a result I spend time> investigating *other* problems, then finally disable selinux to see if it> works. Voila! So, now I can restorecon on mysql, reenable selinux and> all is well - Except that I had to GUESS at the cause.> > Selinux (and it's current state of integration with RedHat) isn't quite> there yet.> > Cheers,> Arpotu.> > > > On Wed, October 31, 2007 9:58 pm, mark wrote:> >> Bill Hillier wrote:> >>> NFlorez@xxxxxxxxx wrote:> >>>> How do I disable and enable Selinux?> >>>>> >>> setenforce command ....> >>>> >>> setenforce 0> >>> setenforce 1> >>> >> And reboot. And forget about it. It's a honkin' pain in the neck, unless> >> you're> >> running a completely canned system, and the users are only allowed to do> >> what> >> you've allowed them to do. May be fine for, oh, the Pentagon or the CIA,> >> but in> >> the real world, it's security through making it next to impossible to> >> *do*> >> anything.> >> > Is it a pain sometimes? You betcha. I think it's worth it, though. I have,> > on occasion been stopped temporarily from doing what I wanted to do, but> > now that I understand how better how it works, I have no problems with it.> > If someone *does* manage to crack in and take over, let's say apache, I'll> > be very glad I didn't 'setenforce 0'.> >> > Just my $0.02 worth.> >> > Bill> >> >> >> > --> > redhat-list mailing list> > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe> > https://www.redhat.com/mailman/listinfo/redhat-list> >> > -- > redhat-list mailing list> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe> https://www.redhat.com/mailman/listinfo/redhat-list
_________________________________________________________________
Peek-a-boo FREE Tricks & Treats for You!
http://www.reallivemoms.com?ocid=TXT_TAGHM&loc=us-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subjecthttps://www.redhat.com/mailman/listinfo/redhat-list


[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]


  Powered by Linux