[CentOS] SELinux - null security context

Thu Jan 29 11:35:14 UTC 2009
Michael Simpson <mikie.simpson at gmail.com>

On 1/29/09, Rob Kampen <rkampen at kampensonline.com> wrote:
.
> Does anyone use SELinux on their work-station i.e. the place where you try
> things out, debug things etc?? or is it really only for stable systems where
> not many OS changes and new program trials occur?
> I know that asterisk doesn't play nice with SELinux, even in permissive mode
> it fails to work, and yet this is one area where I would like to have it
> work as my phone system is VITAL to my business!
> Thanks
> Rob

We use SELinux on both our workstations and our servers.
We run them in permissive mode for a while, do our testing and then
switch to enforcing once we have cleared up any denials. Run tests
then if it all looks good , put the boxen into production. Audit2allow
and other such tools are very useful in creating any policy changes
that you require and the selinux mailling lists are helpful as well.
The main thing i have been caught out with is when using tftp to
transfer configs from our cisco kit to my workstation in that when i
touch the file i need to set the correct context for it.

Russell Coker's site is a good place for selinux info

<http://www.coker.com.au/selinux/>

mike