SELinux
Guy Fraser
guy at incentre.net
Thu Sep 1 16:24:24 UTC 2005
On Thu, 2005-01-09 at 07:53 +0100, Paul Howarth wrote:
> On Wed, 2005-08-31 at 22:23 -0700, CHAT KHODA wrote:
> > Dear friends,
> > As you know new versions of fedora are comming with
> > SELinux feature.I wonder to know whether it is a good
> > idea to enable this feature on a web-mail server or
> > not? .Somebody advised me ;this feature will cause
> > disturbing circumstances,but I wish to know if you
> > have any comment.
>
> A web/mail server is exactly the type of application that SELinux works
> well with. You may have difficulty at first understanding it (read
> http://fedora.redhat.com/docs/selinux-apache-fc3/ for a good start) but
> it's worth the effort.
Beware that SELinux is designed to provide a higher level of
security than the standard file system and access controls
built in to the applications. More specifically if you have
anything that uses sendmail directly rather than using SMTP
you will have problems. If possible configure you PHP, PERL
or other software to use SMTP on localhost rather than
using sendmail directly, it will save you some headaches.
Overall I have only had few problems with RHEL4 and FC3 with
SELinux enabled, and most were simple to work around, and
left the system more secure in the process.
More information about the users
mailing list