[CentOS] Odd failure of smbd to start from init.d - CentOS 5.4 - it's that fine SELinux
Lars Hecking
lhecking at users.sourceforge.net
Wed May 26 15:57:25 UTC 2010
> The *theoretical* system security improvement of SELinux is trumped by
> the *practical* observation that I have had existing systems broken by
> SELinux multiple times on the mere handful of systems I have run it on
> in enforcing mode, but have yet to see a single one of several dozen
> (all internet exposed) up-to-date *non*-SELinux systems hacked.
>
> It is a 'safety' feature that is in practice more dangerous to system
> stability than what it is trying to fix. It is like having air bags in
> your car that go off at random times while you are driving: It is NOT
> acceptable behavior.
Under CentOS 5.5, and I presume RHEL5.5 too, there is a small improvement
in the shape of setroubleshoot-server, it at least gives you improved
troubleshooting capabilities.
Not that it helps when you upgrade a 5.4 machine to 5.5 and you get no
selinux logging whatsoever because setroubleshoot-server wasn't installed
during the upgrade. Note to self, need to add it to the minimal-kickstart
configurations.
---------------------------------------------------------------
This message and any attachments may contain Cypress (or its
subsidiaries) confidential information. If it has been received
in error, please advise the sender and immediately delete this
message.
---------------------------------------------------------------
More information about the CentOS
mailing list