[CentOS] Completeley disabling SELinux?
Robert Nichols
rnicholsNOSPAM at comcast.netSat Jan 24 05:39:14 UTC 2009
- Previous message: [CentOS] Completeley disabling SELinux?
- Next message: [CentOS] Completeley disabling SELinux?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
nate wrote:
>
> I can certainly see value in SELinux in some environments, I have
> yet to operate one where it would provide value to me.
I find that SELinux runs in enforcing mode quite unobtrusively on my
laptop, where I'm running a pretty much out-of-the-box Fedora 10.
On my CentOS 5 desktop, though, forget it! I'm doing too many
things like a dhclient-exit-hooks script that adjusts named.conf and
tells the daemon to reload, a script that saves some accounting info
when iptables is stopped, various cron jobs that invoke constrained
executables to do horrible things like write something to a file,
..., that sort of thing. Every time I take a stab at enabling
SELinux in that environment and get close to figuring out enough
local policy adjustments and custom labeling to make it work, a
new release comes along and none of what I've done works any more.
On that system, all removable parts of SELinux have been removed,
and all security attributes have been purged from the filesystems.
--
Bob Nichols "NOSPAM" is really part of my email address.
Do NOT delete it.
- Previous message: [CentOS] Completeley disabling SELinux?
- Next message: [CentOS] Completeley disabling SELinux?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list