Intro
Russell Coker
russell at coker.com.au
Sun Oct 10 05:10:28 UTC 2004
On Sat, 9 Oct 2004 06:07, Temlakos <temlakos at comcast.net> wrote:
> What do I need to consider when building
> and running a new application in an SELinux environment? Those of you
> out there running SELinux in enforcement mode--do you have any insights
> you can share with me?
Generally a well written program will not have any difficulties at all with SE
Linux. But a badly written program that doesn't implement the best practices
for secure Unix programming in a DAC environment will have bigger problems
with SE Linux.
Just do the smart things: don't have the program re-write its own config
files (have a separate process for doing this). Don't put things in /tmp
with fixed file names or things that other processes may access,
use /var/run/daemon-name/whatever for Unix domain sockets. Use a fixed port
number even if using Sun RPC for UDP and TCP.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
More information about the fedora-selinux-list mailing list