[CentOS] aide questions, please

Fri Apr 11 08:27:45 UTC 2008
Michael Simpson <mikie.simpson at gmail.com>

On 4/10/08, Steve Campbell <campbell at cnpapers.com> wrote:
> Jim,
> I tried the new config file - the downloaded one - and it still gives me the
> errors. I then went through and removed the xattr options on all of them
> with no luck still. I have not run the --check yet.
> OK, so what if I enable permissive mode just to get the extra attributes on
> all the files, and do all the stuff needed to relabel the files. Will I see
> any difference in what I have other than the extended attributes? Since this
> server will go full time production real soon, I don't want to cause any
> surprises for me or the users, and I don't have the time to learn SELinux
> admin and configuration in a short time either. I know, that sounds lazy,
> but I just have a full plate at the moment, sorry.
> Thanks for all your time. I really do appreciate the fact you're educating
> me.
> steve
Hi Steve

I always used to disable SELinux until ~3 months ago.
I now have SELinux enabled but set on permissive for my dev servers
and enforcing on production.
I have several servers at home where I went from disabled to
permissive with no problems. YMMV

There will be no difference to your filesystem other than the extended
attributes being applied.

You can see the change using the -Z switch for commands like ls and ps.

You should have no problems at all.

I also use auditd to collect the AVCs that permissive generates.

Russell Coker's root-as-guest user play machine demo just kinda blew
me away conceptually.