PDA

View Full Version : SELinux



leflores80
3rd July 2007, 04:22 PM
Hello,

I was wondering how useful or necessary is SELinux.. I keep getting conflicts even when downloading and installing updates.. can I just turn it off?

Thanks!

sideways
3rd July 2007, 04:28 PM
Yes you can just disable it but probably better to put it in permissive mode, that will allow context labels to be correctly maintained on files but won't enforce any restrictions. In F7 I have had particular problems with nfs, rpc and selinux. setroubleshootd is installed by default in F7 and enables viewing of selinux denials as the occur.

Change to permissive mode using system-config-selinux.

leflores80
3rd July 2007, 04:30 PM
Thanks for the reply!

SlowJet
3rd July 2007, 05:13 PM
Hello,

I was wondering how useful or necessary is SELinux.. I keep getting conflicts even when downloading and installing updates.. can I just turn it off?

Thanks!


SELinux is very useful and very important.
It is a MAC security system that protects almost every piece of software running on the system from being accessed incorrectly or from foreign code.
It protects the system from itself, it protects users from other users, and protects the system from users.
Anything that get in to a user space will be confined to that user.

Not much can get in if you use the iptables firewall and some hardening on any services.

There are setools that make it very easy to capture any nagging avc messages from the audit log and create a separate module to add to the SELinux-Policy.
SEManager allows many boolean controls.
SETroubleshoot tells you the problem and shows a command that may work to set the security.
SELinx-list has several people that are activity making policy for their systems and the knowledge base is building fast.

Without SELinux and LVM, Fedora is the last distribution someone should be running, especially a newbie.

If you don't take the time to learn the new stuff, you may as well be running SUSE 10.x alphas.

SJ

Jongi
3rd July 2007, 10:28 PM
Does it have issues with ntfs-3g? And have ReiserFS issues been sorted?