[aklug] Re: selinux more trouble than it's worth?

From: barsalou <barjunk@attglobal.net>
Date: Tue Jun 02 2009 - 11:29:52 AKDT

Quoting Lee <lee@afabco.org>:

> Well, I've just spent the last two days setting up a centralized syslog
> server on bare metal using centos5, mysql, php, phplogcon and apache2. All
> went well until I actually started trying to, like, do useful stuff.
>
> Nothing worked as expected.
>
> 9 out of 10 issues were selinux related.
>
> And there are still issues, but at least stuff is working now.
>
> So it seems to me at this point that selinux is way the hill more trouble
> than it's worth.
>
> But before I deactivate selinux in disgust and consign it to the
> 'interesting idea way more trouble than it's worth in real life' pile, I
> thought I'd see if others shared my thinking, or whether consensus is that
> selinux is seen as a useful and practical thing.
>
> Thanks.

As you've discovered, figuring out what it affects and how to mold it
to your needs is the hardest part.

I'd like to suggest that you turn the setting to 'warn' or 'audit'.
Can't remember the name it was given... it's not on, but it's not off
either.

This will give you logging information to let you know that if you
have it turned on, then these things will be an issue.

Give that a try... you'll get the best of both worlds: being able to
get stuff done, and knowing what needs to be modified so that stuff
will continue to work when you turn it on for good.

Just an idea.

Mike B.

Received on Tue Jun 2 11:30:16 2009
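
Added example, not part of the original message: the in-between setting
described above is SELinux permissive mode, and this sketch totals the AVC
denials it logs so you can see what enforcing mode would block. The log lines
are constructed samples and the function names are made up for illustration.

```shell
#!/bin/bash
# Added example. Switching modes on the real host (root needed, not run here):
#   getenforce       prints Enforcing, Permissive or Disabled
#   setenforce 0     permissive until the next reboot
#   SELINUX=permissive in /etc/selinux/config keeps it across reboots

# Constructed sample lines in the audit log AVC format (not from a real host).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1243970101.101:201): avc:  denied  { name_connect } for  pid=2301 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1243970101.101:201): arch=40000003 syscall=102 success=yes exit=0 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1243970140.332:207): avc:  denied  { name_connect } for  pid=2304 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1243970188.870:212): avc:  denied  { read write } for  pid=2301 comm="httpd" name="config.php" dev=sda1 ino=12345 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file
EOF
}

# Reads audit log text on stdin and prints one line per distinct denial:
#   count command source_type target_type object_class permissions
# Assumes the comm= value contains no spaces.
avc_summary() {
  awk '
    /avc:[ ]+denied/ {
      comm = src = tgt = cls = "?"; perms = ""
      # Permissions sit between the braces: "{ read write }" -> "read,write"
      if (match($0, /[{][^}]*[}]/)) {
        perms = substr($0, RSTART + 1, RLENGTH - 2)
        gsub(/^ +| +$/, "", perms); gsub(/ +/, ",", perms)
      }
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^comm=/)     { comm = $i; sub(/^comm=/, "", comm); gsub(/"/, "", comm) }
        # Context is user:role:type:level; the type is the third field
        if ($i ~ /^scontext=/) { split($i, a, ":"); src = a[3] }
        if ($i ~ /^tcontext=/) { split($i, a, ":"); tgt = a[3] }
        if ($i ~ /^tclass=/)   { cls = $i; sub(/^tclass=/, "", cls) }
      }
      n[comm " " src " " tgt " " cls " " perms]++
    }
    END { for (k in n) print n[k], k }
  ' | LC_ALL=C sort -k1,1nr -k2
}

# Stand-alone run: summarise the constructed sample.
sample_audit_log | avc_summary
```

On a real host the input would be /var/log/audit/audit.log, or
/var/log/messages when auditd is not running.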
