[aklug] Re: selinux more trouble than it's worth?

From: Lee <lee@afabco.org>
Date: Tue Jun 02 2009 - 11:39:49 AKDT

That's 'permissive' mode. That's what it is at now (which I fortunately discovered
early on, but I still get all the stupid popup boxes on the desktop). Plus centos
(and presumably RHEL as well) 'helps' you by re-activating the 'active' mode on
reboot. Yes, I know we're supposed to never have to reboot, but I do anyway,
particularly on setups and installs.

I could do a cron job to reset it to 'permissive', but that's ugly, and shouldn't even
have to do that at all.

Thanks though.

Lee

---------- Original Message -----------
From: barsalou <barjunk@attglobal.net>
To: Lee <lee@afabco.org>
Cc: aklug@aklug.org
Sent: Tue, 02 Jun 2009 11:29:52 -0800
Subject: Re: [aklug] selinux more trouble than it's worth?

> Quoting Lee <lee@afabco.org>:
>
> > Well, I've just spent the last two days setting up a centralized
> > syslog server on bare metal using centos5, mysql, php, phplogcon
> > and apache2. All went well until I actually started trying to,
> > like, do useful stuff.
> >
> > Nothing worked as expected.
> >
> > 9 out of 10 issues were selinux related.
> >
> > And there are still issues, but at least stuff is working now.
> >
> > So it seems to me at this point that selinux is way the hill more
> > trouble than it's worth.
> >
> > But before I deactivate selinux in disgust and consign it to the
> > 'interesting idea way more trouble than it's worth in real life'
> > pile, I thought I'd see if others shared my thinking, or whether
> > consensus is that selinux is seen as a useful and practical thing.
> >
> > Thanks.
>
> As you've discovered, figuring out what it affects and how to mold it
> to your needs is the hardest part.
>
> I'd like to suggest that you turn the setting to 'warn' or 'audit'.
> Can't remember the name it was given....it's not on, but it's not off
> either.
>
> This will give you logging information to let you know that if you
> have it turned on, then these things will be an issue.
>
> Give that a try....you'll get the best of both worlds....being able to
> get stuff done, and knowing what needs to be modified so that stuff
> will continue to work when you turn it on for good.
>
> Just an idea.
>
> Mike B.
------- End of Original Message -------

Received on Tue Jun 2 11:39:58 2009
