Andrew Kelly wrote:
On Wed, 2007-08-29 at 16:04 +0100, Jonathan Allen wrote:
On Wed, Aug 29, 2007 at 09:41:19AM -0500, Mikkel L. Ellertson wrote:
From there you can decide if you want to disable selinux, or relabel
the system so selinux works correctly.
How is that (easily) done - I have to admit that now it is running
disabled, I'm very much tempted to leave it that way rather than
mess about "in flight" so to speak. Presumably I'll save a little
mill time at a fairly minimal risk on a secure system ...
Jonathan
Forgive the invitation to discussion, but....
I personally have immediately disabled SELinux on any and every box I've
ever installed for myself, and grind my teeth any time I even see the
word.
Would any of you out there care to share with me any of your personal
experiences with SELinux being useful to you (in any way whatsoever), on
a single-user workstation?
I'm quite willing to admit my ig'nerz on the subject and am open to
being taught why the functionality is a Good Thing (tm).
Andy
After reading several replies to this thread, I see "I am not alone" ...
I have SELinux turned on, in permissive mode.... every day I see various
denial messages in my Logwatch report which I have not yet taken the
time to figure out. They are cryptic to say the least. But, like so many
things that appear complex at first glance, it just takes a little
reading and experimentation. (e.g. iptables CLI commands)
At a high level, I understand the concepts of what SELinux is doing....
and like the idea, but I have not tried to learn how to use it. I
suppose if I were feeling a little more brave, I would turn it on in
"enforcing" mode then fight whichever fires flared up.
However, I have not made the time to do that...my "plan" (and I use the
term loosely) is to figure it out, eliminate improper error messages
from my Logwatch reports, and THEN try SELinux in enforcing mode....
That's the theory... in practice, I will probably wait until I have a
spare box to run another Linux image on, and play with that one more
aggressively.... :-)