On Sat, 23 Jan 2016 10:52:28 -0500
bruce <badouglas(a)gmail.com> wrote:
[snip]
So, if I create an instance, spin it up, fire off my tests on the
instance, run everything for a few hours, and then shut it off, would
that be "reasonably safe/secure"?
My testing apps are a mix of python/php/perl/shell scripts, there's no
web stuff as of yet. Although, there will be dns/nfs/mysql
functionality.
For your use case, I would do it without a qualm, especially since you
are isolated from the web. Once you connect to the web, you will
have exposure, but even then, as you say, it will be minimal. And
limited to the time you have the instance up. If you give it access
to any vital data while it is up, it could be a slight risk.
But, why do you have to disable SElinux? Are you building cracker
suites? :-) Will your apps never run on systems that have SElinux
enabled? Why not just put it in permissive mode, so it warns at
violations, but doesn't stop them, if it is a concern?
I'm not an expert, but in the wild, with internet facing apps, I think
SElinux is a good thing to have enabled. Belt and suspenders, and all
that.