[Triumf-linux-managers] Anyone not turning off SELinux ?
Greg Hackman
hackman at triumf.ca
Tue Oct 7 09:45:49 PDT 2008
When did this become a discussion thread? If it did, how do I unsubuscribe?
Greg
Marcello M. Pavan, Ph.D. wrote:
> Kel
>
> SELinux gives me a headache, so I left it in permissive mode. THe
> instructions are opaque. things wouldn't work and it was not clear why.
>
> it will stay in permissive mode until an interface is created which makes it
> easy to administer
>
> -marcello
>
>
>
> On October 6, 2008, Kelvin Raywood wrote:
>> Andrew Daviel wrote:
>>> I just wondered if anyone was successfully living with SELinux in
>>> enforcing mode.
>> The TRIUMF kickstarts of SL 5.1 and 5.2 have SELinux enabled by default.
>> This can be overridden during the first-boot but would then require
>> another reboot. You can check your SELinux mode with the command
>> "/usr/sbin/sestatus" (works as non-root).
>>
>> So if you have SELinux enabled but didn't know it, Andrew would like to
>> hear from you.
>>
>> However, it is servers such as web, database, print, ... that are most
>> likely to be affected by SELinux (by design) and the TRIUMF kickstarts
>> do not install any of these packages. If you've installed and
>> configured any server-packages and use SELinux or have since disabled
>> it, then we'd liketo hear about your experience.
>>
>> We have migrated many central services to single-purpose
>> virtual-machines which have a very minimal set of packages installed.
>> They typically have SELinux disabled since isolation of services is
>> enforced at the machine level. There is less to be gained from SELinux
>> on a single-service virtual-machine than in a multi-purpose machine with
>> several services.
>>
>> We have SELinux enabled on the virtual-machine host which is also
>> providing time service as "time1.triumf.ca". SELinux has not caused in
>> issues in this scenario.
>>
>> --
>> Kel Raywood
>> Core Computing and Networking
>>
>> _______________________________________________
>> Triumf-linux-managers mailing list
>> Triumf-linux-managers at lists.triumf.ca
>> http://lists.triumf.ca/mailman/listinfo/triumf-linux-managers
>
>
>
--
Greg Hackman, TRIUMF
4004 Wesbrook Mall, Vancouver, BC, Canada
Phone 1-604-222-7441, Fax 1-604-222-1074
Reception 1-604-222-1047
http://trshare.triumf.ca/~hackman
--
Freedom is the freedom to say two plus two makes four.
Once that is granted, all else follows.
-- George Orwell
More information about the Triumf-linux-managers
mailing list