[rhelv6-list] selinux (not quite) disabled?

Greg_Swift at aotx.uscourts.gov
Fri Dec 3 14:16:13 UTC 2010


I'm not saying I've succeeded in convincing people to let me run SELinux in
enforcing anywhere, but think about the argument you just made:

"I've got it [SELinux] enabled on my desktop and laptops", which while
useful, aren't as ready of targets for hackers (we are talking Linux not
Windows).  Desk/laptop environments are also more broad and varied in
software that is run and the potential that you will run into SELinux
issues (such as jch's dropbox issue).

"on my servers though...[i have it disabled]..." However most servers are
ready targets, with ports open and attractive to someone trying to break
in.  Servers tend to have a stable software configuration and use cases,
leading to SELinux being easier to maintain in the long run since behavior
patterns aren't as likely to change constantly.  Yes, easier by comparison,
and not saying it's "easy".

-greg

rhelv6-list-bounces at redhat.com wrote on 12/03/2010 06:34:52 AM:

>
> Right. I've got it enabled on my desktop and laptops. On servers though...
>
> Sent from my iPhone
>
> On Dec 3, 2010, at 5:08 AM, "John Haxby" <john.haxby at gmail.com> wrote:
>
>
>
> On 3 December 2010 00:59, Marti, Robert <RJM002 at shsu.edu> wrote:
> SELinux scares people, to put it simply. Instead of fixing things to
> work with it, it gets disabled so no one has to deal with it. I'd
> rather fix it, but the normal complaint is lack of time to do it
> right. I normally set it to permissive mode and make a note to come
> back and address the issues later. So far later hasn't come.
>
>
> This is an argument I have sympathy with.
>
> However, just short of three years ago I decided enough was enough
> and I was going to get to grips with this thing on my laptop.  So I
> left selinux enabled when I installed whatever was the current
> Fedora at the time.
>
> As I recall, the only problem I had was with the web server I was
> running(*)   Fixing that was a matter of ten minutes between me and
> google.   Since that time I've picked up other selinux stuff
> incrementally — I'm far from being an expert but I'm not afraid of
> selinux any more and I can make use of it after a fashion.   (Fedora
> 14 has a problem with some 32 bit apps and selinux but I can live
> without dropbox for the moment.)
>
> jch
>
>
> * yes, on a laptop: you have a problem with that? :-)
