[CentOS] SELinux - null security context

Craig White craigwhite at azapple.com
Thu Jan 29 04:18:21 UTC 2009


On Wed, 2009-01-28 at 23:00 -0500, Rob Kampen wrote:
> Last resort was the 'touch /.autorelabel' and reboot. This took nearly
> an hour but once it came up all was well.
> Thanks for the pointers Filipe.
> At what point would it be safe to go to enforcing? What logs should I
> be inspecting for warnings?
> I find SELinux real hard to get my head around, extensive reading and
> still I don't get it clearly enough to where I understand it and feel
> safe committing my business server to it. And when something like this
> occurs and it takes the server down for an hour to clean it up.... not
> really production ready. 
> I'm getting ready to head for PCI-DSS audit and thought SELinux
> enforcing would be a help......any comments from those with more
> experience??
----
You shouldn't have to relabel a filesystem unless you had turned SELinux
off for a while. So that shouldn't be necessary again.

I also gathered that the RHEL 5.3 release has a bunch of the newer tools
from virtually current Fedora like SETroubleShooter which should make
life a lot easier.

I gather that CentOS 5.3 will be released in the next week or so and I
would probably wait until you have it running fine for a week or two in
permissive mode and have squashed any alerts and you should be good to
move to enforcing.

Craig
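
As an added example (not part of the original message), this Python script applies the advice above about staying in permissive mode until the alerts stop: it groups AVC denials from the audit log by source type, target type, class and permission, and reports whether the log has been quiet for a given number of days. The sample log lines, the timestamps and the function names are constructed for illustration; on a real system the input would be /var/log/audit/audit.log.

```python
import re
from collections import Counter

# Constructed sample of audit.log lines (not taken from the thread).
SAMPLE_LOG = """\
type=AVC msg=audit(1233100000.101:210): avc:  denied  { read } for  pid=2101 comm="httpd" name="index.html" dev=sda1 ino=40001 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file
type=SYSCALL msg=audit(1233100000.101:210): arch=40000003 syscall=5 success=yes exit=3 comm="httpd"
type=AVC msg=audit(1233100050.500:215): avc:  denied  { read } for  pid=2101 comm="httpd" name="logo.png" dev=sda1 ino=40002 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file
type=AVC msg=audit(1233190000.250:377): avc:  denied  { getattr search } for  pid=3300 comm="smbd" name="share" dev=sda1 ino=51000 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=dir
type=AVC msg=audit(1233190100.000:380): avc:  granted  { setenforce } for  pid=3400 comm="setenforce" scontext=root:system_r:unconfined_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=security
"""

# Matches only "denied" AVC records; the type is the third field of each context.
AVC_RE = re.compile(
    r"type=AVC msg=audit\((?P<ts>\d+)\.\d+:\d+\): avc:\s+denied\s+"
    r"\{ (?P<perms>[^}]*)\}.*?"
    r"scontext=[^:\s]+:[^:\s]+:(?P<src>[^:\s]+)\S*\s+"
    r"tcontext=[^:\s]+:[^:\s]+:(?P<tgt>[^:\s]+)\S*\s+"
    r"tclass=(?P<cls>\w+)"
)


def denials(lines, since=0):
    """Count AVC denials logged at or after epoch `since`, grouped by rule shape."""
    counts = Counter()
    for line in lines:
        m = AVC_RE.search(line)
        if m and int(m.group("ts")) >= since:
            perms = " ".join(sorted(m.group("perms").split()))
            counts[(m.group("src"), m.group("tgt"), m.group("cls"), perms)] += 1
    return counts


def quiet_for(lines, now, days):
    """True when no denial was logged in the `days` days before epoch `now`."""
    return not denials(lines, since=now - days * 86400)


if __name__ == "__main__":
    log = SAMPLE_LOG.splitlines()
    now = 1233202701  # constructed "current time" for the sample
    for key, n in denials(log).most_common():
        print(n, *key)
    print("quiet for 7 days:", quiet_for(log, now, 7))
```

Each distinct group in the output is one alert to resolve (relabel the file or adjust policy) before the quiet period starts counting.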



