On Fri, Feb 25, 2011 at 5:24 PM, Dagmar d'Surreal <[email protected]>wrote:
> On Wed, 2011-02-23 at 08:09 -0800, Terry Trapp wrote: > > I have recently been brought back from the Dark Sideā¢ to administer some > Linux boxen. Something that has changed in my absence is that SELinux is now > enabled by default and appears to have a fairly prohibitive default policy. > (On CentOS) I would like to draw on the group's experience and know your > thoughts, opinions and philosophy of how best to deal with it. > > > > My initial thought is to leave it enabled and adjust the policy as needed > for a given service. The issue I have ran into is that I have not found a > comprehensive CLI tool to administer the policy. Outright disabling it has > been the best answer in a couple of cases. > > > > Also, does anyone know of a good book that can give an overview of the > current implementation of SELinux? > > Steal RHEL's config and their happy little python tool. Basically, it > gives you a decent template of permissions for all directories, and the > python tool lets you just fist-type what amounts to a chdowtfIsayown > -R /var/www, for example. > > -- > You received this message because you are subscribed to the Google Groups > "NLUG" group. > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected] > For more options, visit this group at > http://groups.google.com/group/nlug-talk?hl=en > Rolled on the floor!!! Best line here in forever! -- You received this message because you are subscribed to the Google Groups "NLUG" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en
