[CentOS] SELinux - way of the future or good idea but !!!

Christopher Chan christopher.chan at bradbury.edu.hk
Mon Nov 29 16:59:06 EST 2010


On Tuesday, November 30, 2010 01:38 AM, Les Mikesell wrote:

>> All of the third-party software I run seems to run just fine, as long as the right contexts are applied.
>
> Well, obviously it will work after someone takes the time to make it
> work.  Now it is your turn to quantify:  How much would you charge to
> teach someone to be able to make those changes and how long would it
> take?  This has to include the ability to quickly diagnose and fix any
> problem that might be caused by updates to the application or to the OS
> distribution.
>

As was already mentioned in another post, run in permissive mode, for a 
few days if you must, and go through all the things the software does 
and voila! setroubleshoot and/or logs tell you what needs doing.

You can switch from enforcing mode to permissive mode in real time, no 
reboot necessary. All this yapping about the time and effort needed is 
an excuse when it is TRIVIAL to switch modes and as has already been 
pointed out, setroubleshoot will explain everything and even tell you 
exactly in most cases what commands need running to fix things.


More information about the CentOS mailing list