Audit / Netlink slowness
Bernardo Innocenti
bernie at develer.com
Thu Jun 16 15:49:52 UTC 2005
Colin Walters wrote:
> On Thu, 2005-06-16 at 03:56 +0200, Bernardo Innocenti wrote:
>
>
>>I also disabled SELinux, mainly because I wasn't willing to
>>fix all my services to run properly with the strict policy that
>>was initially shipped with FC2. Then I just didn't find the
>>time/motivation to turn it on again. Yes, lame me :-)
>
>
> You are aware things have massively changed since FC2? It's
> pretty easy to reenable, nowadays just run system-config-securitylevel
> then reboot.
Yes, I do... but that's quite a complex server, with
some custom stuff installed in /usr/local, so I'm afraid
I'd have to fiddle with the policy.
Some time ago I bought O'Reilly's SELinux book and read
through it, but the underlying complexity of SELinux
scared me off somewhat.
I'm sure I can get it to work properly with my setup, but
I'm also afraid it would take too much headaches for initial
setup *and* some additional effort when I install new stuff.
That said, I'd recommend SELinux for most sites, expecially
when they are very popular.
--
// Bernardo Innocenti - Develer S.r.l., R&D dept.
\X/ http://www.develer.com/
More information about the fedora-devel-list
mailing list