[CentOS] ejabberd 2.0.2 vs SELinux vs CentOS 5

Filipe Brandenburger filbranden at gmail.com
Mon Oct 6 17:02:23 UTC 2008


On Sat, Oct 4, 2008 at 12:43, nate <centos at linuxpowered.net> wrote:
>> so maybe I should disable SELinux
>> and be done with it.
> That's what I'd suggest too. SELinux isn't even installed on any
> of the systems I manage(roughly 350). Not worth the trouble.

That's a very bad advice.

SELinux is very useful as a security measure in Linux, and since RHEL5
(and CentOS 5) it has reached a good balance in terms of usability vs.
security. I admit that making it work under the previous versions was
very tricky, but with CentOS 5 it just works.

Of course you eventually have to tweak it to make it work for 3rd
party programs (such as in the OP's case). In that case, this page may
help you do it:

SELinux is certainly complex and there is a steep learning curve, but
it's certainly worth learning how to use it and keeping it enabled.


More information about the CentOS mailing list