[CentOS] reinventing the wheel? page checker

Fri Jun 22 20:38:05 UTC 2012
m.roth at 5-cent.us <m.roth at 5-cent.us>

Bob Hoffman wrote:
> On 6/22/2012 9:50 AM, m.roth at 5-cent.us wrote:
>> Bob Hoffman wrote:
>>> On 6/21/2012 12:44 PM, Keith Roberts wrote:
>>>> On Thu, 21 Jun 2012, Bob Hoffman wrote:
>>>>> From: Bob Hoffman<bob at bobhoffman.com>
>>>>>
<snip>
>> Another thing to consider (and I really, really don't enjoy suggesting
>> it), is selinux. Turn it on to at least permissive, and it'll bitch and
>> moan if something's changed. Turn it to enforcing, and *nothing* will be
>> allowed to be changed. It is, however, a royal pain to configure, esp.
>> when you want to be able to allow a directory for users to put pics.
>>
> Would love to use SElinux. I searched high and low for any kind of
> manual and there was none.

Look for RHEL's 5 or 6; there's professional documentation.

Not that anything's that wonderful.

There's also the selinux list.
<snip>
> One thing I learned...SElinux in permissive mode only gives a warning
> once for an issue...and never again. Makes it hard
> to play with it that way, would prefer a constant error variable to keep
> them coming.

Not true. It will issue an AVC every time something tries to happen. Big
things to know:
   a) ll -Z shows you the selinux context
   b) chcon [-R] -[urt] <whatever> <file or directory>
   c) getsebool and setsebool

     mark
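
Added example, not part of the original message: the type that `ll -Z` displays and `chcon -t` sets is the same field that appears in the scontext and tcontext of every AVC record, so tallying denials by type shows which label or boolean to look at. The log lines below are constructed samples in audit.log AVC format, and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample lines in audit.log format (not taken from the thread).
SAMPLE_LOG = """\
type=AVC msg=audit(1340397485.123:456): avc:  denied  { write } for  pid=2345 comm="httpd" name="pics" dev=dm-0 ino=131 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=SYSCALL msg=audit(1340397485.123:456): arch=c000003e syscall=2 success=no exit=-13 comm="httpd"
type=AVC msg=audit(1340397490.001:460): avc:  denied  { write } for  pid=2347 comm="httpd" name="thumbs" dev=dm-0 ino=140 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=AVC msg=audit(1340397501.777:471): avc:  denied  { name_connect } for  pid=2350 comm="httpd" dest=3306 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{ (?P<perms>[^}]*) \}.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
)


def split_context(context):
    """Split user:role:type[:level]; the level may itself contain colons (s0:c0.c1023)."""
    user, role, type_, *level = context.split(":", 3)
    return {"user": user, "role": role, "type": type_, "level": level[0] if level else ""}


def summarize_avc(log_text):
    """Count denials per (source type, target type, object class, permissions)."""
    counts = Counter()
    for line in log_text.splitlines():
        if not line.startswith("type=AVC"):
            continue  # skip SYSCALL and other audit record types
        m = AVC_RE.search(line)
        if not m:
            continue
        src = split_context(m.group("scontext"))["type"]
        tgt = split_context(m.group("tcontext"))["type"]
        perms = tuple(sorted(m.group("perms").split()))
        counts[(src, tgt, m.group("tclass"), perms)] += 1
    return counts


if __name__ == "__main__":
    for (src, tgt, tclass, perms), n in summarize_avc(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {src} -> {tgt}  {tclass} {{ {' '.join(perms)} }}")
```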