[Triumf-linux-managers] Anyone not turning off SELinux ?
Marcello M. Pavan, Ph.D.
marcello at triumf.ca
Tue Oct 7 02:19:27 PDT 2008
Kel
SELinux gives me a headache, so I left it in permissive mode. THe
instructions are opaque. things wouldn't work and it was not clear why.
it will stay in permissive mode until an interface is created which makes it
easy to administer
-marcello
On October 6, 2008, Kelvin Raywood wrote:
> Andrew Daviel wrote:
> > I just wondered if anyone was successfully living with SELinux in
> > enforcing mode.
>
> The TRIUMF kickstarts of SL 5.1 and 5.2 have SELinux enabled by default.
> This can be overridden during the first-boot but would then require
> another reboot. You can check your SELinux mode with the command
> "/usr/sbin/sestatus" (works as non-root).
>
> So if you have SELinux enabled but didn't know it, Andrew would like to
> hear from you.
>
> However, it is servers such as web, database, print, ... that are most
> likely to be affected by SELinux (by design) and the TRIUMF kickstarts
> do not install any of these packages. If you've installed and
> configured any server-packages and use SELinux or have since disabled
> it, then we'd liketo hear about your experience.
>
> We have migrated many central services to single-purpose
> virtual-machines which have a very minimal set of packages installed.
> They typically have SELinux disabled since isolation of services is
> enforced at the machine level. There is less to be gained from SELinux
> on a single-service virtual-machine than in a multi-purpose machine with
> several services.
>
> We have SELinux enabled on the virtual-machine host which is also
> providing time service as "time1.triumf.ca". SELinux has not caused in
> issues in this scenario.
>
> --
> Kel Raywood
> Core Computing and Networking
>
> _______________________________________________
> Triumf-linux-managers mailing list
> Triumf-linux-managers at lists.triumf.ca
> http://lists.triumf.ca/mailman/listinfo/triumf-linux-managers
--
-------------------------
Marcello M. Pavan, Ph.D.
TRIUMF
4004 Wesbrook Mall
Vancouver, B.C. V6T 2A3
Canada
TEL: 1 604 222 7525
FAX: 1 604 222 1074
More information about the Triumf-linux-managers
mailing list