Bob Hoffman wrote:
On 6/22/2012 9:50 AM, m.roth@5-cent.us wrote:
Bob Hoffman wrote:
On 6/21/2012 12:44 PM, Keith Roberts wrote:
On Thu, 21 Jun 2012, Bob Hoffman wrote:
From: Bob Hoffman <bob@bobhoffman.com>
<snip>
Another thing to consider (and I really, really don't enjoy suggesting it), is selinux. Turn it on to at least permissive, and it'll bitch and moan if something's changed. Turn it to enforcing, and *nothing* will be allowed to be changed. It is, however, a royal pain to configure, esp. when you want to be able to allow a directory for users to put pics.
Would love to use SElinux. I searched high and low for any kind of manual and there was none.
Look for RHEL's 5 or 6; there's professional documentation.
Not that anything's that wonderful.
There's also the selinux list. <snip>
One thing I learned...SElinux in permissive mode only gives a warning once for an issue...and never again. Makes it hard to play with it that way, would prefer a constant error variable to keep them coming.
Not true. It will issue an AVC every time something tries to happen.

Big things to know:
a) ll -Z shows you the selinux context
b) chcon [-R] -[urt] <whatever> <file or directory>
c) getsebool and setsebool
mark
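
Added example (not part of the thread): a small Python parser that counts AVC denials in audit.log text per source type, target type, class and permission, so you can see how often a given denial was actually recorded. The log lines are constructed samples, and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed audit.log lines (not from the thread); permissive= is absent on older kernels.
SAMPLE_LOG = """\
type=AVC msg=audit(1340372000.101:501): avc:  denied  { write } for  pid=2345 comm="httpd" name="pics" dev=dm-0 ino=131 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=1
type=SYSCALL msg=audit(1340372000.101:501): arch=c000003e syscall=2 success=yes exit=3 comm="httpd"
type=AVC msg=audit(1340372031.442:517): avc:  denied  { write } for  pid=2345 comm="httpd" name="pics" dev=dm-0 ino=131 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1340372040.007:522): avc:  denied  { read open } for  pid=2345 comm="httpd" name="a.jpg" dev=dm-0 ino=140 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
    r"(?:\s+permissive=(?P<permissive>[01]))?"
)

def context_type(context):
    """Return the type field of a user:role:type[:level] context (what chcon -t sets)."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context

def parse_avc(line):
    """Parse one AVC denial line into a dict, or return None for any other line."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    flag = m.group("permissive")
    return {
        "perms": m.group("perms").split(),
        "source_type": context_type(m.group("scontext")),
        "target_type": context_type(m.group("tcontext")),
        "tclass": m.group("tclass"),
        "permissive": None if flag is None else flag == "1",
    }

def summarize(log_text):
    """Count denials per (source type, target type, class, permission)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is not None:
            for perm in rec["perms"]:
                counts[(rec["source_type"], rec["target_type"], rec["tclass"], perm)] += 1
    return counts

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE_LOG).items()):
        print(n, *key)
```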