On 04/19/10 17:33, Gerry Creager wrote:
I've used permissive mode in the past and decided it offered few
benefits, and have abandoned it. I'm very careful with firewalls, and

Public-facing system, small user community. Shared accounts replaced with
sudo-only access (i.e. to the LDM user). Behind a firewall, etc., etc.
But we still want to know when something is amiss.

Since RHEL 5.2 or so, there are decent tools to manage policies and
whatnot, so I don't see it as a problem ... Unlike 4.x where the only thing
you needed to do to SELinux was disable it. It looks, though, like
on-the-fly changing from permissive to enforcing doesn't really work (or I
missed something).

As I may have noted, since the reboot, I am now actually seeing the
warnings I had expected to see when we were in permissive mode before.

I'll get the labels and policies right at some point. Since most of the
errors are httpd-related, it's likely just a matter of correcting the
attributes on the directory, which isn't where SELinux expects it to be.

--
Peter Laws / N5UWY
National Weather Center / Network Operations Center
University of Oklahoma Information Technology
plaws@xxxxxx
-----------------------------------------------------------------------
Feedback? Contact my director, Craig Cochell, craigc@xxxxxx. Thank you!