CVS1 and selinux

2009-09-21 Thread Mike McGrath
Selinux on cvs1 is now in enforcing mode.  Please keep an eye out for any
oddities or broken services and let us know.

-Mike

___
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list


Re: CVS1 and selinux

2009-09-21 Thread Mathieu Bridon (bochecha)
On Mon, Sep 21, 2009 at 15:49, Mike McGrath wrote:
> Selinux on cvs1 is now in enforcing mode.  Please keep an eye out for any
> oddities or broken services and let us know.

I'm curious, why was it disabled in the first place?

I guess that's because of something that was discussed before I joined
this mailing-list, and I'm interested in knowing the problems that
arose (and the way they were fixed), just for the sake of learning :)


--

Mathieu Bridon (bochecha)



Re: CVS1 and selinux

2009-09-21 Thread Darren VanBuren
Last I heard, most of our machines had SELinux set to permissive. Was I
misinformed?


Darren VanBuren
-
Sent from my iPod

Try Fedora 10 today. Fire it up. http://fedoraproject.org/
(I need a new slogan for Fedora 11 from marketing)

On Sep 21, 2009, at 6:49, Mike McGrath mmcgr...@redhat.com wrote:

> Selinux on cvs1 is now in enforcing mode.  Please keep an eye out for any
> oddities or broken services and let us know.
>
> -Mike



Re: CVS1 and selinux

2009-09-21 Thread Mike McGrath
On Mon, 21 Sep 2009, Mathieu Bridon (bochecha) wrote:

> On Mon, Sep 21, 2009 at 15:49, Mike McGrath wrote:
> > Selinux on cvs1 is now in enforcing mode.  Please keep an eye out for any
> > oddities or broken services and let us know.
>
> I'm curious, why was it disabled in the first place?
>
> I guess that's because of something that was discussed before I joined
> this mailing-list, and I'm interested in knowing the problems that
> arose (and the way they were fixed), just for the sake of learning :)


It's extremely expensive to go from a non-selinux environment to an
enabled environment.  We just haven't had time to set all of our hosts up
(some still aren't enforcing yet).

Now we get to find out how expensive it is during maintenance :)

-Mike


Re: CVS1 and selinux

2009-09-21 Thread Mike McGrath
On Mon, 21 Sep 2009, Darren VanBuren wrote:

> Last I heard, most of our machines had SELinux set to permissive. Was I
> misinformed?


Depends on when you were told that :)  We've been slowly working towards
an enforcing environment over the last year and a half or so.  I called
cvs1 out in particular because some of our processes on that host aren't
run very often and it's difficult for users of the host to realize what's
going on.  Figured it best to make our admins aware since it would
probably be non-obvious to them as well.

-Mike

> Darren VanBuren
> -
> Sent from my iPod
>
> Try Fedora 10 today. Fire it up. http://fedoraproject.org/
> (I need a new slogan for Fedora 11 from marketing)
>
> On Sep 21, 2009, at 6:49, Mike McGrath mmcgr...@redhat.com wrote:
>
> > Selinux on cvs1 is now in enforcing mode.  Please keep an eye out for any
> > oddities or broken services and let us know.
> >
> > -Mike
 


Re: CVS1 and selinux

2009-09-21 Thread Darren VanBuren
Well, you should know that I haven't been involved with Infra for a year.


Darren VanBuren
-
Sent from my iPod

Try Fedora 10 today. Fire it up. http://fedoraproject.org/

On Sep 21, 2009, at 7:54, Mike McGrath mmcgr...@redhat.com wrote:


> On Mon, 21 Sep 2009, Darren VanBuren wrote:
>
> > Last I heard, most of our machines had SELinux set to permissive. Was I
> > misinformed?
>
> Depends on when you were told that :)  We've been slowly working towards
> an enforcing environment over the last year and a half or so.  I called
> cvs1 out in particular because some of our processes on that host aren't
> run very often and it's difficult for users of the host to realize what's
> going on.  Figured it best to make our admins aware since it would
> probably be non-obvious to them as well.
>
> -Mike
>
> > Darren VanBuren
> > -
> > Sent from my iPod
> >
> > Try Fedora 10 today. Fire it up. http://fedoraproject.org/
> > (I need a new slogan for Fedora 11 from marketing)
> >
> > On Sep 21, 2009, at 6:49, Mike McGrath mmcgr...@redhat.com wrote:
> >
> > > Selinux on cvs1 is now in enforcing mode.  Please keep an eye out for any
> > > oddities or broken services and let us know.
> > >
> > > -Mike
