SELinux?

[Bill Tangren]

On Wed, October 31, 2007 9:58 pm, mark wrote:
> Bill Hillier wrote:
>> NFlorez at sdcwa.org wrote:
>>> How do I disable and enable Selinux?
>>>
>> setenforce command ....
>>
>> setenforce 0
>> setenforce 1
>
> And reboot. And forget about it. It's a honkin' pain in the neck, unless
> you're
> running a completely canned system, and the users are only allowed to do
> what
> you've allowed them to do. May be fine for, oh, the Pentagon or the CIA,
> but in
> the real world, it's security through making it next to impossible to *do*
> anything.

Is it a pain sometimes? You betcha. I think it's worth it, though. I have,
on occasion been stopped temporarily from doing what I wanted to do, but
now that I understand how better how it works, I have no problems with it.
If someone *does* manage to crack in and take over, let's say apache, I'll
be very glad I didn't 'setenforce 0'.

Just my $0.02 worth.

Bill