[CentOS] SELinux - way of the future or good idea but !!!

Daniel J Walsh dwalsh at redhat.com
Mon Dec 6 14:47:08 UTC 2010



On 12/06/2010 09:45 AM, Jerry Franz wrote:
> On 12/06/2010 06:06 AM, Daniel J Walsh wrote:
>>
>> Did you take a look at the AVC messages?  Are you running setroubleshoot?
> 
> Yes to both.
>> Usually running something like restorecon -R -v /var/ftp would have
>> cleaned this up, if it is a simple mislabel in /var directory.
> 
> The point is *I shouldn't have to*. A stable system should not have 
> breakages from SELinux where 'for some reason' a directory tree got 
> mislabeled during updates. And yet it does. I enable SELinux on only a 
> handful of my systems - and most of those systems acquire SELinux 
> related problems at least once every year or two just from normal updates.
> 
> While SELinux continues to do stuff like this, it will remain disabled 
> on the vast majority of my (and many other people's) systems.
> 
I agree, and would like to look at the AVCs to understand what could
have broken the labeling.




