[CentOS] reinventing the wheel? page checker

Sat Jun 23 10:16:27 UTC 2012
Daniel J Walsh <dwalsh at redhat.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/22/2012 04:38 PM, m.roth at 5-cent.us wrote:
> Bob Hoffman wrote:
>> On 6/22/2012 9:50 AM, m.roth at 5-cent.us wrote:
>>> Bob Hoffman wrote:
>>>> On 6/21/2012 12:44 PM, Keith Roberts wrote:
>>>>> On Thu, 21 Jun 2012, Bob Hoffman wrote:
>>>>>> From: Bob Hoffman<bob at bobhoffman.com>
>>>>>> 
> <snip>
>>> Another thing to consider (and I really, really don't enjoy suggesting 
>>> it), is selinux. Turn it on to at least permissive, and it'll bitch
>>> and moan if something's changed. Turn it to enforcing, and *nothing*
>>> will be allowed to be changed. It is, however, a royal pain to
>>> configure, esp. when you want to be able to allow a directory for users
>>> to put pics.
>>> 
>> Would love to use SElinux. I searched high and low for any kind of manual
>> and there was none.
> 
> Look for RHEL's 5 or 6; there's professional documentation.
> 
> Not that anything's that wonderful.
> 
> There's also the selinux list. <snip>
>> One thing I learned...SElinux in permissive mode only gives a warning 
>> once for an issue...and never again. Makes it hard to play with it that
>> way, would prefer a constant error variable to keep them coming.
> 
> Not true. It will issue an AVC every time something tries to happen. Big 
> things to know: a) ll -Z shows you the selinux context b) chcon [-R] -[urt]
> <whatever> <file or directory> c) getsebool and setsebool
> 
> mark
> 
> _______________________________________________ CentOS mailing list 
> CentOS at centos.org http://lists.centos.org/mailman/listinfo/centos
> 
If you are having problems with SELinux just send an email to me or mention it
on the list.  There is also pretty good help available on #freenode.

Permissive AVC's are only reported once.  You can read this blog for more info.

http://danwalsh.livejournal.com/10972.html

Other blogs you might be interested in:

http://danwalsh.livejournal.com/24537.html
http://danwalsh.livejournal.com/42394.html


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk/ll3sACgkQrlYvE4MpobMONQCg1bJjksI6lr12DWZ1DKVMewmR
R9YAoOEffTsfzy7vtaSOCqGHfXcSeFhK
=pZFf
-----END PGP SIGNATURE-----