[CentOS] selinux: how to allow access?
Peter Kjellström
cap at nsc.liu.se
Tue Mar 20 12:42:28 UTC 2018
On Tue, 20 Mar 2018 13:07:12 +0100
hw <hw at gc-24.de> wrote:
...
> So what do you really gain from selinux, and is that worthwhile all
> the trouble and the hours spent to fix the problems it creates? What
> about the impact on performance?
The main feature is that lots of software is indeed confined (even
though your normal login or desktop remains unconfined).
This is exactly what happens to exim in your case. It is exim_t not
unconfined_t which means when/if it goes crazy (or is exploited) the
damage can be limited.
For some people it's also useful that it provides the ability to define
user types (see "semanage user --list").
/Peter K
More information about the CentOS
mailing list