On Fri, Jun 28, 2013 at 10:32 PM, Rajagopal Swaminathan <[email protected]> wrote:
>
> Please note that SELINUX is a very powerful subsystem and has several
> associated/related commands as a family.
>
> Kindly treat them as a group.
>

+1 It is powerful but also complex.

> I must note here that many admins disable that (the equivalent of
> disabling firewall) rather than keeping them as permissive or Best yet
> "enforcing". I cannot attribute it to anything else other than
> laziness/incompetence.

I would add lack of time. One would have to read the docs, understand the MAC concept. Experiment with the custom setup on a non-production box before migrating it to production. It may come easy to some but I am guessing most people get daunted by the entire thingy.

I recall that a default install of Apache on CentOS would not work with SELinux set to enforce. One had to set it to "permissive." This might have been fixed in the latest incarnations.

> Beyond India, such admins will face severe
> retribution. Sometimes even loss of job.

Do you have any data to back this up?

To the best of my knowledge SELinux is installed and ON (default IIRC) only in Red Hat and derivative distros. On other distros (e.g. Debian, Ubuntu, openSUSE) it is available but *not* installed by default. openSUSE / Ubuntu default to AppArmor (IIRC).

> Hence request you to publish each command in a series as that can be accessed

SELinux is non-trivial. If you have domain knowledge (beyond n00b+) in the area, please help Dhana Sekar. Additionally, please blog it with use case scenarios.

-- 
Arun Khan
Sent from my non-iphone/non-android device
(অরুণ খান্/अरुण खान)
_______________________________________________
ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
ILUGC Mailing List Guidelines: http://ilugc.in/mailinglist-guidelines
