Re: SELinux survey (was RE: Stupid F7 boot loop)


Andrew Kelly wrote:
> On Wed, 2007-08-29 at 16:04 +0100, Jonathan Allen wrote:
>> On Wed, Aug 29, 2007 at 09:41:19AM -0500, Mikkel L. Ellertson wrote:
>>> From there you can decide if you want to disable selinux, or relabel
>>> the system so selinux works correctly.
>>
>> How is that (easily) done - I have to admit that now it is running
>> disabled, I'm very much tempted to leave it that way rather than
>> mess about "in flight" so to speak.  Presumably I'll save a little
>> mill time at a fairly minimal risk on a secure system ...
>>
>> Jonathan
>
> Forgive the invitation to discussion, but....
>
> I personally have immediately disabled SELinux on any and every box I've
> ever installed for myself, and grind my teeth any time I even see the
> word.
> Would any of you out there care to share with me any of your personal
> experiences with SELinux being useful to you (in any way whatsoever), on
> a single-user workstation?
>
> I'm quite willing to admit my ig'nerz on the subject and am open to
> being taught why the functionality is a Good Thing (tm).
>
> Andy

After reading several replies to this thread, I see "I am not alone" ...

I have SELinux turned on, in permissive mode.... every day I see various denial messages in my Logwatch report which I have not yet taken the time to figure out. They are cryptic to say the least. But, like so many things that appear complex at first glance, it just takes a little reading and experimentation. (e.g. iptables CLI commands)

At a high level, I understand the concepts of what SELinux is doing.... and like the idea, but I have not tried to learn how to use it. I suppose if I were feeling a little more brave, I would turn it on in "enforcing" mode then fight whichever fires flared up.

However, I have not made the time to do that...my "plan" (and I use the term loosely) is to figure it out, eliminate improper error messages from my Logwatch reports, and THEN try SELinux in enforcing mode....

That's the theory... in practice, I will probably wait until I have a spare box to run another Linux image on, and play with that one more aggressively.... :-)


