
It is a good thing to have. I think its restrictions are unrealistic. For me it has gotten to a point where SELinux is always the first thing I disable (permanently). Seems to me that active SELinux and a *working* box are mutually exclusive. How do you guys configure it in a production environment?

...apologies for top posting. My phone won't let me do otherwise...

SELinux can be a pain to configure, esp. when you're new to it. I've also had a nasty experience where the install process stopped a SELinux configuration (was able to figure this out by switching to another console) and the kernel panicked on first boot. In this case one has to use a rescue disk, chroot the HD and set SELinux state to disabled. Once you have the hang of it it'll be less of a pain.

BR,
S

On 9/18/09, Tech List Kenya <techlistkenya@gmail.com> wrote:
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science: http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi: http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general
--
Sent from Gmail for mobile | mobile.google.com

"A democracy is a sheep and two wolves deciding on what to have for lunch. Freedom is a well armed sheep contesting the results of the decision." - Stolen from someone else's sig.

The best way to learn SELinux is to put it on permissive mode. It will give you all the notices for you to add the rules but no blockings - I use it in permissive mode and after some time, I have a full range of ruleset which I then use while enforcing.

./Ok3ch

On Fri, Sep 18, 2009 at 11:35 AM, Steve Muchai <smuchai@gmail.com> wrote:
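Added example, not part of any message in this thread: the permissive-mode advice above depends on turning logged AVC denials into rules, and this Python example does that grouping over audit-log lines. The log lines are constructed samples and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample audit.log lines (not taken from the thread).
SAMPLE_LOG = """\
type=AVC msg=audit(1253262900.101:51): avc:  denied  { read } for  pid=2101 comm="mysqld" name="ibdata1" dev="sda1" ino=1311 scontext=system_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=1
type=AVC msg=audit(1253262900.102:52): avc:  denied  { write } for  pid=2101 comm="mysqld" name="ibdata1" dev="sda1" ino=1311 scontext=system_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1253262900.102:52): arch=c000003e syscall=2 success=yes exit=3 comm="mysqld"
type=AVC msg=audit(1253262911.310:60): avc:  denied  { name_connect } for  pid=2200 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket permissive=0
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{ (?P<perms>[^}]+) \}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
    r"(?:\s+permissive=(?P<permissive>[01]))?"
)

def se_type(context):
    """Return the type field of a user:role:type[:level] context."""
    return context.split(":")[2]

def summarize(log_text):
    """Group AVC denials by (source type, target type, object class)."""
    rules = defaultdict(lambda: {"perms": set(), "blocked": False})
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC denial (e.g. the SYSCALL record)
        key = (se_type(m["scon"]), se_type(m["tcon"]), m["tclass"])
        rules[key]["perms"].update(m["perms"].split())
        # Assumption: a log line without permissive=1 was actually enforced.
        if m["permissive"] != "1":
            rules[key]["blocked"] = True
    return dict(rules)

def candidate_rules(rules):
    """Render each group as a policy 'allow' line for human review."""
    out = []
    for (src, tgt, cls), info in sorted(rules.items()):
        perms = " ".join(sorted(info["perms"]))
        out.append(f"allow {src} {tgt}:{cls} {{ {perms} }};")
    return out

if __name__ == "__main__":
    for rule in candidate_rules(summarize(SAMPLE_LOG)):
        print(rule)
```

The output is for review, not for loading as-is: a database file labelled `var_t` usually means the file label is wrong, and the fix is relabelling rather than a new allow rule. On a real system `audit2allow` performs this grouping from the audit log.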

Thanks for the insights

On 9/18/09, Okechukwu <okechukwu@gmail.com> wrote:

One time SELinux denied users service for almost 1 day. Turning it off restored service. It can be annoying.

2009/9/19 Tech List Kenya <techlistkenya@gmail.com>

Hi

I seriously don't like SELinux, I could not start MySQL for a remote server for some time only to realize the damn thing would not allow it. BTW I'm in no way interested in learning it, I always set it to permissive and that's it, hahaha.

Cheers
Themburu

On Sat, Sep 19, 2009 at 7:12 PM, Njoroge Tito <titonjoroge@gmail.com> wrote:
-- Conservatism is the adherence to the old tried against the new untried.
participants (5)
- George Njoroge
- Njoroge Tito
- Okechukwu
- Steve Muchai
- Tech List Kenya