[CentOS] echo 0> /selinux/enforce

Wed Nov 6 16:55:46 UTC 2013
Les Mikesell <lesmikesell at gmail.com>

On Wed, Nov 6, 2013 at 9:23 AM, Daniel J Walsh <dwalsh at redhat.com> wrote:
> SELinux blocks "confined" processes, but usually does not block the
> administrator who is running as unconfined_t, and is allowed to do everything
> he could do if SELinux was disabled.
> Confined processes are targeted to system services. Stuff that is started at
> boot versus processes started by a logged in user.

Is there a way to configure things so tomcat or other java web
containers can unpack the war files used for code deployment and
compile/cache jsp code on the fly but not be able to write anything
else (like from the several instances of struts vulnerabilities)?

   Les Mikesell
     lesmikesell at gmail.com