Hey,
I am in the process of trying (and convincing my colleagues) to learn/setup
selinux as we switch to 6.0... Quick question: do I really "need" to install the setools/setroubleshoot
packages or can I live without them? They want to install 80 packages
(gnome stuff, gstreamer, gtk, tcl/tk...) and I would like to avoid installing
all sort of graphical tools/libs on my lean servers.
Can I just install setools-console by example?
Is there a console only equivalent for setroubleshoot?
If you know a must-have "selinux for dummies" like howto, apart from
Redhat/Fedora doc or CentOS wiki, I am interested! Especially if it covers the case of many non-standard applications (the policy here is to use compiled apaches/php/mencoder/ffmpeg/..., all installed (with their data/logs) in a "/OURDIR" directory (but still use /var/run for the pids and a few others depending on the app), init.d scripts, logrotates, etc...
Thx, JD
On Fri, 2 Sep 2011, John Doe wrote:
> I am in the process of trying (and convincing my colleagues) to learn/setup
> selinux as we switch to 6.0... Quick question: do I really "need" to install the setools/setroubleshoot packages or can I live without them? They want to install 80 packages (gnome stuff, gstreamer, gtk, tcl/tk...) and I would like to avoid installing all sort of graphical tools/libs on my lean servers.
> Can I just install setools-console by example?
What does experimentation with yum in a testing mode indicate with the packageset on your box - dependency trees have an effectively infinite number of permutations
> Is there a console only equivalent for setroubleshoot?
> If you know a must-have "selinux for dummies" like howto, apart from Redhat/Fedora doc or CentOS wiki
What is wrong with the article at: http://wiki.centos.org/HowTos/SELinux
as the timestamps will indicate another CentOS dev team member pointed out some deficiencies to me in it last night, and I was working on it for a couple of hours, and then a docs group member did style cleanups behind me
It is not a completed work, but it is now relevant to CentOS 6
It also covers writing custom rules for local 'in house' applications
I also know that the CentOS Planet RSS aggregator carried a rather long teaching rant I wrote a while back http://orcorc.blogspot.com/2010/12/ripping-out-safeties.html
seeming right before I injured my ankle, from the datestamp -- probably a bad karma reward from the internet deities and spirits for my attitudinal expectation that technical people do research before asking
yeah -- I am just a sore head -- that's it
-- Russ herrold
On 09/02/2011 10:50 AM, John Doe wrote:
> Hey,
> I am in the process of trying (and convincing my colleagues) to learn/setup
> selinux as we switch to 6.0... Quick question: do I really "need" to install the setools/setroubleshoot
> packages or can I live without them? They want to install 80 packages
> (gnome stuff, gstreamer, gtk, tcl/tk...) and I would like to avoid installing
> all sort of graphical tools/libs on my lean servers.
> Can I just install setools-console by example?
> Is there a console only equivalent for setroubleshoot?
> If you know a must-have "selinux for dummies" like howto, apart from
> Redhat/Fedora doc or CentOS wiki, I am interested! Especially if it covers the case of many non-standard applications (the policy here is to use compiled apaches/php/mencoder/ffmpeg/..., all installed (with their data/logs) in a "/OURDIR" directory (but still use /var/run for the pids and a few others depending on the app), init.d scripts, logrotates, etc...
> Thx, JD
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
setools and setroubleshoot are not required to be run by SELinux.
setroubleshoot-server is supposed to be able to be used on server machine and able to send email on errors that it sees.
From: Daniel J Walsh dwalsh@redhat.com
> setools and setroubleshoot are not required to be run by SELinux. setroubleshoot-server is supposed to be able to be used on server machine and able to send email on errors that it sees.
I installed setools-console since it was small. And, instead of setroubleshoot-server, will maybe write a small script to send emails when there are AVC messages...
Thx, JD
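
A sketch of the kind of small AVC-to-email script mentioned in the last message, as an added example that is not code from the thread. It assumes Python 3 and audit records in the usual `/var/log/audit/audit.log` layout; the names `SAMPLE`, `summarize` and `build_mail` are hypothetical and the log lines are constructed.

```python
import re
from collections import Counter
from email.message import EmailMessage

# Constructed sample in audit.log format (not taken from a real host).
SAMPLE = '''\
type=AVC msg=audit(1314975000.101:451): avc:  denied  { read } for  pid=2101 comm="httpd" name="index.html" dev=dm-0 ino=1311 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file
type=SYSCALL msg=audit(1314975000.101:451): arch=c000003e syscall=2 success=no exit=-13 comm="httpd"
type=AVC msg=audit(1314975003.200:452): avc:  denied  { read } for  pid=2102 comm="httpd" name="index.html" dev=dm-0 ino=1311 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file
type=AVC msg=audit(1314975010.500:460): avc:  denied  { write append } for  pid=2250 comm="php" name="app.log" dev=dm-0 ino=1400 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file
type=AVC msg=audit(1314975011.000:461): avc:  granted  { setenforce } for  pid=2300 comm="setenforce" scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=security
'''

AVC_RE = re.compile(
    r'^type=AVC .*?avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?'
    r'\bcomm=(?P<comm>"[^"]*"|\S+).*?'  # comm is quoted, or bare hex when encoded
    r'\bscontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)')

def selinux_type(context):
    """Return the type field of a user:role:type[:level] context."""
    parts = context.split(":")
    return parts[2] if len(parts) > 2 else context

def summarize(lines):
    """Count denials per (comm, source type, target type, class, perms)."""
    seen = Counter()
    for line in lines:
        m = AVC_RE.search(line)
        if m:  # non-AVC records and 'granted' AVCs do not match
            seen[(m["comm"].strip('"'), selinux_type(m["scon"]),
                  selinux_type(m["tcon"]), m["tclass"], m["perms"])] += 1
    return seen

def build_mail(seen, sender, rcpt):
    """Build the digest mail, or return None when there is nothing to report."""
    if not seen:
        return None
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, rcpt
    msg["Subject"] = "SELinux: %d AVC denial(s), %d distinct" % (sum(seen.values()), len(seen))
    rows = ["%4dx %s: %s -> %s:%s { %s }" % ((n,) + key) for key, n in seen.most_common()]
    msg.set_content("\n".join(rows))
    return msg

if __name__ == "__main__":
    # Prints the digest; smtplib.SMTP("localhost").send_message(mail) would deliver it.
    print(build_mail(summarize(SAMPLE.splitlines()), "root@localhost", "root@localhost"))
```

Grouping by command, source type, target type, class and permission keeps a repeating denial from producing one mail line per occurrence, which matters on hosts where locally built daemons under a non-standard directory hit the same rule continuously.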