[CentOS] Defaults of CentOS Install not working with SELinux

Thu Apr 30 20:32:57 UTC 2009
Dan Roberts <dan at jlazyh.com>

I would like not to disable SELinux, and I have the guide from the  
nsa.  But try as I might these three things are being difficult.    
Given that it was a default install for them I have no idea how or why.

Some google searches and even the SELinux FAQ suggest remedy options  
that involve data that I just don't seem to have - that's where the  
expertise of someone who has had to deal with something similar would  
be very helpful.


On Apr 30, 2009, at 11:44 AM, Lanny Marcus wrote:

> On Thu, Apr 30, 2009 at 9:07 AM, Dan Roberts <dan at jlazyh.com> wrote:
>> Following a hard drive corruption I have reinstalled the latest  
>> version of
>> CentOS and all current patch files.
>> For most applications I selected the default options.  By doing  
>> this I
>> expected that the packages would play nice with one another and I  
>> could
>> customize as necessary.
>> Setting SELinux to enforce I encountered all sorts of problems -  
>> but most
>> were resolvable, save for Dovecot, Procmail (for spamc), and an odd  
>> one
> <snip>
>> take on making a local policy module I am quickly getting lost .    
>> The
>> option to simply disable SElinux with respect to Apache, Dovecote or
>> anything else is suggested - but not something I see in the GUI  
>> window, and
>> I have not figured out how to do it from the command line.
>
> Disabling SELinux is *not* recommended, by those who know, on this
> mailing list and in other places.  Maybe drop it down from "Enforcing"
> to Permissive, until you get it configured properly.
>
> You might want to go to <http://www.nsa.gov/> and download the .pdf
> version of their manual about hardening RHEL 5. Look for the December
> 20, 2007 version. On page 42, they begin discussing SELinux and how to
> configure/troubleshoot it. "Guide to the Secure Configuration of Red
> Hat Enterprise Linux 5". HTH and GL
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos