[CentOS] SELinux - way of the future or good idea but !!!

m.roth at 5-cent.us m.roth at 5-cent.us
Wed Dec 1 15:19:25 UTC 2010


On this thread, I'm speaking with my manager, and the other admin comes
in, ranting about selinux, and that he's going to file a bug against it
with RH.... Seems he installed RHEL6, and had the misfortune of having an
older Sun keyboard, and may have hit the <caps lock> key when entering the
root password... and he couldn't log in. So he rebooted to single user
mode, and ran passwd... which sat there for a while, then quit, with no
messages. Then he turned off selinux, and passwd worked... so the whole
selinux thing was a pointless and irritating exercise.

Of course, if selinux had stopped him from turning enforcing off, he'd
have had to reboot from the rescue disk, at the least, and reinstall at
the worst.

The bigger question is why selinux when the system is in single user mode,
and offline. If someone has console access, and shouldn't have, you have
management problems, not o/s security problems.

        mark




More information about the CentOS mailing list