Re: do I need SELinux?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Chris Hewitt wrote:

On Sat, 2004-11-13 at 03:48, john bray wrote:


On Fri, 2004-11-12 at 10:01 -0500, Daniel J Walsh plumb said:


Steven Stern wrote:



On Fri, 12 Nov 2004 09:37:21 -0500, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:





So I would hope that people will work with it and not just turn it off as soon as they have a problem
with the system.




I haven't had any problems and assume it's working fine on my system.  But how
do I know?  Will something show up in logwatch if there's something to worry
about?  What syslog message prefix indicates a SELINUX targeted policy
message?

(Yes, this is probably in the FAQ, so if you can point me to the right one,
I'll go off quiely and read it.)




You might see some change in behavior of applications and usually AVC messages in /var/log/messages.

For the most part you probably will see nothing.

sestatus shows you whether it is running or not.





ok.   i got interested in checking this out.  so:

[root@junior ntp]# grep AVC /var/log/message*
[root@junior ntp]# sestatus
SELinux status: disabled
[root@junior ntp]# 


i thought that FC3 was defaulting to targeted?  this is an upgrade from
FC2 system, BTW.

what do i have to do now, to get it turned on? 


John,

An earlier poster said it is off by default on upgrades. GUI method:
System Settings -> Security Level, SELinux tab, check Enabled and
Enforcing, Policy should be Targeted. Command line method: edit
/etc/selinux/config. Reboot (its kernel stuff so reboot unfortunately
needed).

I've got a fresh FC3 installation (not upgrade) and have a PHP
application using either PostgreSQL or MySQL. As SELinux documentation
indicates it should allow http/PHP to access MySQL I was not surprised
that my application did not work with PostgreSQL, but it did not work
with MySQL either. If I turn off SELinux then it is fine with either
database.

I agree SELinux is a good idea (particularly for servers), but I have
not yet found good documentation on the details of setting it up (with
PostgreSQL in particular), maybe I simply need to look harder. Another
previous poster hoped that we would work with SELinux to help it along,
and I agree with this, but present time constraints make it so much
easier for me to simply work with SELinux disabled.


In stead of disabling SELinux please disable apache.  If you have a problem.

system-config-securitylevel can do this. That way you can still run with SELinux without
Apache problems.

Regards

Chris




[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux