-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 06/22/2012 04:38 PM, m.roth@5-cent.us wrote:
Bob Hoffman wrote:
On 6/22/2012 9:50 AM, m.roth@5-cent.us wrote:
Bob Hoffman wrote:
On 6/21/2012 12:44 PM, Keith Roberts wrote:
On Thu, 21 Jun 2012, Bob Hoffman wrote:
From: Bob Hoffmanbob@bobhoffman.com
<snip> >> Another thing to consider (and I really, really don't enjoy suggesting >> it), is selinux. Turn it on to at least permissive, and it'll bitch >> and moan if something's changed. Turn it to enforcing, and *nothing* >> will be allowed to be changed. It is, however, a royal pain to >> configure, esp. when you want to be able to allow a directory for users >> to put pics. >> > Would love to use SElinux. I searched high and low for any kind of manual > and there was none.
Look for RHEL's 5 or 6; there's professional documentation.
Not that anything's that wonderful.
There's also the selinux list. <snip>
One thing I learned...SElinux in permissive mode only gives a warning once for an issue...and never again. Makes it hard to play with it that way, would prefer a constant error variable to keep them coming.
Not true. It will issue an AVC every time something tries to happen. Big things to know: a) ll -Z shows you the selinux context b) chcon [-R] -[urt] <whatever> <file or directory> c) getsebool and setsebool
mark
_______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
If you are having problems with SELinux just send an email to me or mention it on the list. There is also pretty good help available on #freenode.
Permissive AVC's are only reported once. You can read this blog for more info.
http://danwalsh.livejournal.com/10972.html
Other blogs you might be interested in:
http://danwalsh.livejournal.com/24537.html http://danwalsh.livejournal.com/42394.html