[CentOS] CentOS 6 as DNS-Server

Tue May 10 19:27:02 UTC 2016
Alice Wonder <alice at domblogger.net>

On 05/10/2016 12:08 PM, m.roth at 5-cent.us wrote:

> Which assumes that setting selinux to enforcing doesn't break your
> websites, or the locally-created root directories that have been created
> before an actual sysadmin came onboard, or....

That's my biggest problem with SELinux. I suppose at some point I need 
to invest both time and money and take a class on it, but every time I 
try to use it - it gets in the way and when I try to resolve it, the 
documentation is very confusing and I think the documentation often 
makes assumptions about concepts being known that I don't know.

I know that it can be a significant benefit when you are attacked with 
an exploit that either is either zero-day or hasn't been patched, but so 
far when I have tried enabling SELinux it ends up taking up hours and 
hours and hours of my time.

And sometimes the problems are things like tmpfs - I don't remember 
exactly what it was, but I had an issue where when I finally got help, 
the answer was don't use tmpfs if you have SELinux enabled.

I want to use it, I do, but so far it has only caused me grief.