Re: reinventing the wheel? page checker

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

Bob Hoffman wrote:
> On 6/22/2012 9:50 AM, m.roth@xxxxxxxxx wrote:
>> Bob Hoffman wrote:
>>> On 6/21/2012 12:44 PM, Keith Roberts wrote:
>>>> On Thu, 21 Jun 2012, Bob Hoffman wrote:
>>>>> From: Bob Hoffman<bob@xxxxxxxxxxxxxx>
>>>>>
<snip>
>> Another thing to consider (and I really, really don't enjoy suggesting
>> it), is selinux. Turn it on to at least permissive, and it'll bitch and
>> moan if something's changed. Turn it to enforcing, and *nothing* will be
>> allowed to be changed. It is, however, a royal pain to configure, esp.
>> when you want to be able to allow a directory for users to put pics.
>>
> Would love to use SElinux. I searched high and low for any kind of
> manual and there was none.

Look for RHEL's 5 or 6; there's professional documentation.

Not that anything's that wonderful.

There's also the selinux list.
<snip>
> One thing I learned...SElinux in permissive mode only gives a warning
> once for an issue...and never again. Makes it hard
> to play with it that way, would prefer a constant error variable to keep
> them coming.

Not true. It will issue an AVC every time something tries to happen. Big
things to know:
   a) ll -Z shows you the selinux context
   b) chcon [-R] -[urt] <whatever> <file or directory>
   c) getsebool and setsebool

     mark

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[CentOS]     [CentOS Announce]     [CentOS Docs]     [CentOS Virtualization]     [Linux Media]     [Asterisk]     [Photo]     [DCCP]     [Netdev]     [Xorg]     [Xfree86]     [Linux USB]     [Project Hail Cloud Computing]

Powered by Linux Add to Google