[CentOS] SELinux - way of the future or good idea but !!!

Thu Dec 9 06:15:52 UTC 2010
Christopher Chan <christopher.chan at bradbury.edu.hk>

On Thursday, December 09, 2010 11:06 AM, Warren Young wrote:
> On 12/8/2010 5:00 PM, Christopher Chan wrote:
>> On Thursday, December 09, 2010 05:00 AM, Warren Young wrote:
>>> I assume you mean to advocate running updates infrequently,
>>
>> No, I advocate setting up SELinux properly which will take care of the
>> automatic updates.
>
> That's great if you are wise enough to foresee all problems that an
> automatic update can cause.
>
> I am not that wise.

Neither am I. That's why I look at the logs when something goes boom so 
that I can have it taken care of.


>
>> Did you miss all the pointers to using semanage so
>> that relabels will cover your non-default necessities? And that is not
>> just from me too.
>
> Yes.  I will freely admit to not having read everything in this
> ponderous thread. :)

Let me just say that the pointers I received and implemented have not 
given me any trouble even though the Moodle box I received from HQ has 
the mysql db in a non-default location and likewise the content.

I, thus, find it rather irksome when people pop up here and say SELinux 
is a troublesome piece of rubbish that cannot be trusted but in reality 
they have not got a good enough understanding of the works (and in some 
cases don't even try to) and so things fell apart. I did not understand 
SELinux at first either when it first came out but it took just one 
morning when I really had to get it working. In case I come across as 
some pompous arrogant ass, let me just say that I only got SELinux 
running on a CentOS box very recently (Sep 2010) and so others are more 
qualified to advocate SELinux but it sure was NOT rocket science to make 
sure Moodle and MySQL in areas outside /var/lib/mysql and /var/www/html 
still worked.
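
An added example, not part of the message above: a small triage of AVC denials that separates mislabeled data in non-default locations (fixed with a persistent `semanage fcontext` rule, so later relabels keep it) from accesses that are not labeling problems. The paths `/srv/mysql` and `/srv/moodle`, the log records and the domain-to-type mapping are assumptions made for the example.

```python
import re
from pathlib import PurePosixPath

# Assumed layout: non-default data root -> (domain that owns it, file type it should carry).
ROOTS = {
    "/srv/mysql": ("mysqld_t", "mysqld_db_t"),
    "/srv/moodle": ("httpd_t", "httpd_sys_content_t"),
}
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{[^}]*\}.*?path="(?P<path>[^"]+)".*?'
    r'scontext=[^:]+:[^:]+:(?P<domain>[^:\s]+).*?'
    r'tcontext=[^:]+:[^:]+:(?P<ftype>[^:\s]+)'
)
# Constructed sample records in audit.log format (not taken from a real host).
SAMPLE_LOG = """\
type=AVC msg=audit(1291875352.101:41): avc:  denied  { read } for  pid=2101 comm="mysqld" path="/srv/mysql/ibdata1" dev=sdb1 ino=131 scontext=system_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file
type=SYSCALL msg=audit(1291875352.101:41): arch=c000003e syscall=2 success=no exit=-13 comm="mysqld"
type=AVC msg=audit(1291875360.220:57): avc:  denied  { getattr } for  pid=2250 comm="httpd" path="/srv/moodle/data/1/notes.pdf" dev=sdb1 ino=977 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file
type=AVC msg=audit(1291875371.009:63): avc:  denied  { read } for  pid=2250 comm="httpd" path="/srv/mysql/moodle/mdl_user.MYD" dev=sdb1 ino=140 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file
"""

def triage(log_text):
    """Split denials into roots needing a label rule and accesses to review."""
    relabel, review = {}, []
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC denial, or it carries name= without a full path
        path = PurePosixPath(m["path"])
        for root, (owner, wanted) in ROOTS.items():
            if PurePosixPath(root) not in path.parents:
                continue
            if m["domain"] == owner and m["ftype"] != wanted:
                relabel[root] = wanted  # owner blocked by a wrong label: fix the label
            elif m["domain"] != owner:
                review.append((m["domain"], str(path)))  # another domain: investigate
    return relabel, review

def commands(relabel):
    """Persistent rule first, then apply it to the files already on disk."""
    out = []
    for root, ftype in sorted(relabel.items()):
        out.append(f"semanage fcontext -a -t {ftype} '{root}(/.*)?'")
        out.append(f"restorecon -Rv {root}")
    return out

if __name__ == "__main__":
    relabel, review = triage(SAMPLE_LOG)
    print("\n".join(commands(relabel) + [f"# review: {d} accessed {p}" for d, p in review]))
```

The `httpd_t` read under `/srv/mysql` lands in the review list instead of producing a rule: a denial from a domain that does not own the data is a reason to investigate, not to relabel.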