selinux??
Ian Malone
ibmalone at gmail.com
Mon Jan 25 15:03:03 UTC 2016
On 25 January 2016 at 14:28, Tim <ignored_mailbox at yahoo.com.au> wrote:
> Allegedly, on or about 25 January 2016, bruce sent:
>> I fully get the need for security.. But if I can't get the security
>> working as it should, but I still need to build whatever the project
>> might be.. the project is going to get created.
>>
>> If running Selinux in permissive mode is enough, great, so be it.
>
> SELinux in permissive mode is *not* secure. You're using the computer
> in an insecure mode, and all SELinux is doing is logging the things that
> it would have stopped.
>
I have actually once seen permissive mode preventing login, IIRC this
was something to do with PackageKit doing its own context based
checks.
As for the rest though, Miroslav's reply is spot on, if there are
specific problems or issues then get help from the selinux list to
sort them out, but the policy setup and tools are mature enough at
this point that it's rare. If Bruce is really concerned, run
permissive, check there's no alerts coming up then switch to
enforcing. Worst that happens is you have to kill that instance
because you lose access, and like I've said I think that's hard to do.
It's not something that's suddenly going to kick you out during
operation in any normal circumstance.
--
imalone
http://ibmalone.blogspot.co.uk
More information about the users
mailing list