[CentOS] reinventing the wheel? page checker
Daniel J Walsh
dwalsh at redhat.com
Sat Jun 23 10:16:27 UTC 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 06/22/2012 04:38 PM, m.roth at 5-cent.us wrote:
> Bob Hoffman wrote:
>> On 6/22/2012 9:50 AM, m.roth at 5-cent.us wrote:
>>> Bob Hoffman wrote:
>>>> On 6/21/2012 12:44 PM, Keith Roberts wrote:
>>>>> On Thu, 21 Jun 2012, Bob Hoffman wrote:
>>>>>> From: Bob Hoffman<bob at bobhoffman.com>
>>>>>>
> <snip>
>>> Another thing to consider (and I really, really don't enjoy suggesting
>>> it), is selinux. Turn it on to at least permissive, and it'll bitch
>>> and moan if something's changed. Turn it to enforcing, and *nothing*
>>> will be allowed to be changed. It is, however, a royal pain to
>>> configure, esp. when you want to be able to allow a directory for users
>>> to put pics.
>>>
>> Would love to use SElinux. I searched high and low for any kind of manual
>> and there was none.
>
> Look for RHEL's 5 or 6; there's professional documentation.
>
> Not that anything's that wonderful.
>
> There's also the selinux list. <snip>
>> One thing I learned...SElinux in permissive mode only gives a warning
>> once for an issue...and never again. Makes it hard to play with it that
>> way, would prefer a constant error variable to keep them coming.
>
> Not true. It will issue an AVC every time something tries to happen. Big
> things to know: a) ll -Z shows you the selinux context b) chcon [-R] -[urt]
> <whatever> <file or directory> c) getsebool and setsebool
>
> mark
>
> _______________________________________________ CentOS mailing list
> CentOS at centos.org http://lists.centos.org/mailman/listinfo/centos
>
If you are having problems with SELinux just send an email to me or mention it
on the list. There is also pretty good help available on #freenode.
Permissive AVC's are only reported once. You can read this blog for more info.
http://danwalsh.livejournal.com/10972.html
Other blogs you might be interested in:
http://danwalsh.livejournal.com/24537.html
http://danwalsh.livejournal.com/42394.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk/ll3sACgkQrlYvE4MpobMONQCg1bJjksI6lr12DWZ1DKVMewmR
R9YAoOEffTsfzy7vtaSOCqGHfXcSeFhK
=pZFf
-----END PGP SIGNATURE-----
More information about the CentOS
mailing list