SELinux

Darr darr at core.com
Sun Aug 29 19:20:41 UTC 2010


On Sunday, 29 August, 2010 @17:14 zulu, Erik P. Olsen scribed:
 
> I would advise Patrick to disable Selinux. I've made that decision
> long ago because it gives me more problems when enabled that I can
> possibly solve. IMHO the user interface is so bad that selinux is
> unuseable for an ordinary enduser. 

Ummm... that's NOT good advice, in my honest opinion.

That's rather like telling someone to disable the windows
firewall because it might stop them from using the chat
rooms in AOL, and it's just "too complicated" for ordinary
users to make the exceptions/open ports to run IRC instead.

>From what I've seen, most SELinux hassles result from
doing too much from root access (i.e. when it could/should
have been done from user-level access instead).

I would advise the OP to subscribe to the selinux list and
be ready to post copies of the AVC denials when requested.


More information about the users mailing list