[rhelv6-list] selinux (not quite) disabled?

Marti, Robert RJM002 at shsu.edu
Fri Dec 3 15:31:55 UTC 2010


Servers get weird applications that don't come with SELinux contexts, weird placement of files, etc...

I rarely use anything on my laptops/desktop that isn't in the Fedora repos. On my servers, however, I have things like Oracle, Blackboard, dotCMS, and other apps that don't play nice -at all- with SELinux. Sure, fewer things change on a daily basis, but there's *far* more of a starting curve.

Sent from my iPhone

On Dec 3, 2010, at 8:48 AM, "Greg_Swift at aotx.uscourts.gov" <Greg_Swift at aotx.uscourts.gov> wrote:

> I'm not saying I've succeeded in convincing people to let me run SELinux in
> enforcing anywhere, but think about the argument you just made:
> 
> "I've got it [SELinux] enabled on my desktop and laptops", which while
> useful, aren't as ready of targets for hackers (we are talking Linux not
> Windows).  Desk/laptop environments are also more broad and varied in
> software that is run and the potential that you will run into SELinux
> issues (such as jch's dropbox issue).
> 
> "on my servers though...[i have it disabled]..." However most servers are
> ready targets, with ports open and attractive to someone trying to break
> in.  Servers tend to have a stable software configuration and use cases,
> leading to SELinux being easier to maintain in the long run since behavior
> patterns aren't as likely to change constantly.  Yes, easier by comparison,
> and not saying it's "easy".
> 
> -greg
> 
> rhelv6-list-bounces at redhat.com wrote on 12/03/2010 06:34:52 AM:
> 
>> 
>> Right. I've got it enabled on my desktop and laptops. On servers though...
>> 
>> Sent from my iPhone
>> 
>> On Dec 3, 2010, at 5:08 AM, "John Haxby" <john.haxby at gmail.com> wrote:
>> 
>> 
>> 
>> On 3 December 2010 00:59, Marti, Robert <RJM002 at shsu.edu> wrote:
>> SELinux scares people, to put it simply. Instead of fixing things to
>> work with it, it gets disabled so no one has to deal with it. I'd
>> rather fix it, but the normal complaint is lack of time to do it
>> right. I normally set it to permissive mode and make a note to come
>> back and address the issues later. So far later hasn't come.
>> 
>> 
>> This is an argument I have sympathy with.
>> 
>> However, just short of three years ago I decided enough was enough
>> and I was going to get to grips with this thing on my laptop.  So I
>> left selinux enabled when I installed whatever was the current
>> Fedora at the time.
>> 
>> As I recall, the only problem I had was with the web server I was
>> running(*)   Fixing that was a matter of ten minutes between me and
>> google.   Since that time I've picked up other selinux stuff
>> incrementally — I'm far from being an expert but I'm not afraid of
>> selinux any more and I can make use of it after a fashion.   (Fedora
>> 14 has a problem with some 32 bit apps and selinux but I can live
>> without dropbox for the moment.)
>> 
>> jch
>> 
>> 
>> * yes, on a laptop: you have a problem with that? :-)
>> _______________________________________________
>> rhelv6-list mailing list
>> rhelv6-list at redhat.com
>> https://www.redhat.com/mailman/listinfo/rhelv6-list
>> 



