[CentOS] Selinux extra packages and compiled apps
John Doe
jdmls at yahoo.com
Tue Sep 6 13:03:10 UTC 2011
Russ herrold wrote:
>> Quick question: do I really "need" to install the setools/setroubleshoot
>> packages or can I live without them? They want to install 80 packages
>> (gnome stuff, gstreamer, gtk, tcl/tk...) and I would like to avoid installing
>> all sort of graphical tools/libs on my lean servers.
>> Can I just install setools-console by example?
> What does experiemntation with yum in a testing mode indicate
> with the packageset on your box - dependency trees have an
> effectively infinite number of permutations
My question was more "do I really need this package to work with selinux?"
I installed setools-console and so far it seems enough...
So, can I skip setroubleshoot?
>> If you know a must-have "selinux for dummies" like howto, apart from
>> Redhat/Fedora doc or CentOS wiki
> What is wrong with the article at:
> http://wiki.centos.org/HowTos/SELinux
Nothing wrong; I already read it, and will read the redhat doc...
Just looking for all the doc I can find on the subject.
And maybe also for the hidden secret magic button that will auto-write
the hundreds custom policies we will need...
Creating a custom policy for an apache to use a non standard rootdir or
port seems indeed easy with audit2allow... But several of our servers
are more or less 10% standard (rpm based) and 90% custom, with dozens
of apps/scripts listening on dozens non standard ports, sockets, accessing
many files here and there...
So the task is a bit daunting.
Thx,
JD
PS: Any one found/made a Zimbra policy module? ^_^
More information about the CentOS
mailing list