selinux is a pain
birger
birger at birger.sh
Tue Sep 20 12:16:14 UTC 2011
Quoting Martín Marqués <martin.marques at gmail.com>:
> I reinstalled (better hardware) a server and had selinux enabled (was
> disabled before), and I am starting to see why so many people don't use
> selinux.
>
> My question is, how many people are using selinux?
>
> I, for instance, am about to disable it.
It depends a bit. It usually bites if you try to combine web services and
other services that need to share a directory.

For my home systems, I always keep it on. I have to learn to live with it,
as it definitely hardens the operating system. Why not force myself to learn
it. I almost never have to touch it. Sometimes I step around selinux
problems in messy ways (use a big enough hammer)

For servers on protected internal networks at work, I leave it on except on
servers where it tends to create problems and other people than me need to
understand what is going on. On servers where I turn it off, I often keep it
in permissive mode so I can read the logs if I need to.

For servers in DMZ zones I keep it on, and I try to find clean and correct
solutions to any problems instead of the sledgehammer approach at home. :-)
--
birger