[aklug] Re: selinux more trouble than it's worth?

From: adam bultman <adamb@glaven.org>
Date: Tue Jun 02 2009 - 14:08:45 AKDT

On CentOS or RHEL,

system-config-securitylevel

Or,

vi /etc/sysconfig/selinux

And set to "permissive" instead of "enforcing".

Adam

Lee wrote:
> That's 'permissive' mode. That's what it is at now (which I fortunately discovered
> early on, but I still get all the stupid popup boxes on the desktop). Plus centos
> (and presumably RHEL as well) 'helps' you by re-activating the 'active' mode on
> reboot. Yes, I know we're supposed to never have to reboot, but I do anyway,
> particularly on setups and installs.
>
> I could do a cron job to reset it to 'permissive', but that's ugly, and shouldn't even
> have to do that at all.
>
> Thanks though.
>
> Lee
>
>
> ---------- Original Message -----------
> From: barsalou <barjunk@attglobal.net>
> To: Lee <lee@afabco.org>
> Cc: aklug@aklug.org
> Sent: Tue, 02 Jun 2009 11:29:52 -0800
> Subject: Re: [aklug] selinux more trouble than it's worth?
>
>
>> Quoting Lee <lee@afabco.org>:
>>
>>
>>> Well, I've just spent the last two days setting up a centralized
>>> syslog server on bare metal, using centos5, mysql, php, phplogcon
>>> and apache2. All went well until I actually started trying to,
>>> like, do useful stuff.
>>>
>>> Nothing worked as expected.
>>>
>>> 9 out of 10 issues were selinux related.
>>>
>>> And there are still issues, but at least stuff is working now.
>>>
>>> So it seems to me at this point that selinux is way the hill more
>>> trouble than it's worth.
>>>
>>> But before I deactivate selinux in disgust and consign it to the
>>> 'interesting idea way more trouble than it's worth in real life'
>>> pile, I thought I'd see if others shared my thinking, or whether
>>> consensus is that selinux is seen as a useful and practical thing.
>>>
>>> Thanks.
>>>
>> As you've discovered, figuring out what it affects and how to mold it
>> to your needs is the hardest part.
>>
>> I'd like to suggest that you turn the setting to 'warn' or 'audit'.
>> Can't remember the name it was given....it's not on, but it's not off
>> either.
>>
>> This will give you logging information to let you know that if you
>> have it turned on, then these things will be an issue.
>>
>> Give that a try....you'll get the best of both worlds....being able to
>> get stuff done, and knowing what needs to be modified so that stuff
>> will continue to work when you turn it on for good.
>>
>> Just an idea.
>>
>> Mike B.
>>
>>
> ------- End of Original Message -------
>
> ---------
> To unsubscribe, send email to <aklug-request@aklug.org>
> with 'unsubscribe' in the message body.
>
>

-- 
Adam
Received on Tue Jun 2 14:08:35 2009

This archive was generated by hypermail 2.1.8 : Tue Jun 02 2009 - 14:08:35 AKDT
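
Added example, not part of any message in this thread: one way to act on the suggestion quoted above, that the in-between mode logs what would become an issue once SELinux is turned on for good. It collapses AVC denial records into one line per distinct denial so each can be fixed in policy before returning to enforcing. The log records are constructed for illustration, and the function names `sample_avc_log` and `summarize_avc` are hypothetical.

```shell
#!/bin/sh
# Summarise SELinux AVC denials: count, command, source type, target type,
# object class, permissions. Input is audit-log text on stdin.

# Constructed sample records (not taken from a real host).
sample_avc_log() {
cat <<'EOF'
type=AVC msg=audit(1243980001.101:210): avc:  denied  { name_connect } for  pid=2301 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1243980001.101:210): arch=40000003 syscall=102 success=yes exit=0 comm="httpd"
type=AVC msg=audit(1243980007.532:214): avc:  denied  { name_connect } for  pid=2302 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1243980011.870:219): avc:  denied  { getattr read } for  pid=2301 comm="httpd" name="messages" dev=dm-0 ino=98311 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file
type=AVC msg=audit(1243980020.004:225): avc:  denied  { name_bind } for  pid=1987 comm="syslogd" src=10514 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=udp_socket
EOF
}

summarize_avc() {
  awk '
    / avc: +denied / {
      perms = ""; comm = "?"; s = "?"; t = "?"; c = "?"
      # Permission set is the text between the braces.
      if (match($0, /[{][^}]*[}]/)) {
        perms = substr($0, RSTART + 1, RLENGTH - 2)
        gsub(/^ +| +$/, "", perms); gsub(/ +/, ",", perms)
      }
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^comm=/)     { comm = substr($i, 6); gsub(/"/, "", comm) }
        # Contexts are user:role:type:level; the type is what policy rules use.
        if ($i ~ /^scontext=/) { split(substr($i, 10), p, ":"); s = p[3] }
        if ($i ~ /^tcontext=/) { split(substr($i, 10), p, ":"); t = p[3] }
        if ($i ~ /^tclass=/)   { c = substr($i, 8) }
      }
      n[comm " " s " " t " " c " " perms]++
    }
    END { for (k in n) print n[k], k }
  ' | sort -k1,1nr -k2
}

# With a readable file argument, summarise it; otherwise use the sample.
if [ -r "${1:-}" ]; then summarize_avc < "$1"; else sample_avc_log | summarize_avc; fi
```

On a host running auditd the file to pass is normally /var/log/audit/audit.log, which requires root to read.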