What's special about SElinux
Arthur Pemberton
pemboa at gmail.com
Sun Dec 28 00:08:27 UTC 2008
On Sat, Dec 27, 2008 at 5:22 PM, Chuck Forsberg WA7KGX N2469R
<caf at omen.com> wrote:
> I tried configuring Linux so Apache wouldn't have to look
> outside /var/www for any of its data. I arranged the HD with
> a separate partition for /var/www so Apache/SElinux would
> be happy with its own little sandbox. The installation failed.
> Apparently Anaconda couldn't hack /var/www being on its
> own file system. So, back to the usual disk arrangement.
>
> I installed Fedora 10 and immediately ran the updates,
> all 770 MB of them, before doing anything else. With
> the storms in the west nobody seemed to miss omen.com
> being down over Christmas.
>
> With the up-to-date system, Apache would fail at line
> 280 on its init script insisting that the document root
> had to be a directory. I checked the syntax, directory
> perms et al but no joy. I didn't see an SElinux denial
> popup. Apache just thought its document root directory
> wasn't a directory.
> Disabling SElinux made it all better.
>
> There is something special about SElinux that makes it
> such an issue for me and others in similar situations.
> To adequately test Fedora before deploying it would
> require a separate local network and a separate ISP
> connection. This is not a viable solution for many.
>
> As a result, problems such as SElinux and Apache crop
> up when a system is being brought online when downtime
> to mess with the mess is not available in abundance. The
> necessary solution is to disable SElinux and hope the
> next iteration will be ready for prime time.
>
> If BSD is secure without SElinux, why not Fedora?
Consider how many people use SELinux, especially when serving HTTP.
Maybe in FC2/3 it was a bit troublesome. But at this stage of
development, you really shouldn't have enough problems with SELinux
and Apache to warrant an email.
--
Fedora 9 : sulphur is good for the skin
( www.pembo13.com )
More information about the fedora-test-list
mailing list