[CentOS] SELinux - way of the future or good idea but !!!
christopher.chan at bradbury.edu.hk
Mon Nov 29 16:59:06 EST 2010
On Tuesday, November 30, 2010 01:38 AM, Les Mikesell wrote:
>> All of the third-party software I run seems to run just fine, as long as the right contexts are applied.
> Well, obviously it will work after someone takes the time to make it
> work. Now it is your turn to quantify: How much would you charge to
> teach someone to be able to make those changes and how long would it
> take? This has to include the ability to quickly diagnose and fix any
> problem that might be caused by updates to the application or to the OS
As was already mentioned in another post, run in permissive mode, for a
few days if you must, and go through all the things the software does
and voila! setroubleshoot and/or logs tell you what needs doing.
You can switch from enforcing mode to permissive mode in real time, no
reboot necessary. All this yapping about the time and effort needed is
an excuse when it is TRIVIAL to switch modes and as has already been
pointed out, setroubleshoot will explain everything and even tell you
exactly in most cases what commands need running to fix things.
More information about the CentOS