On Monday, August 30, 2010 07:56:50 pm Von Fugal wrote: > > - CentOS ships SELinux > > Hrmm, I hope there's not too much involved with that. I am clueless about > SELinux.
SELinux rocks, but some really basic pointers can help.
First of all, if you run into something that isn't working and you suspect
it's because of SELinux, you can temporarily put SELinux into "permissive
mode":
sudo /usr/sbin/setenforce 0
(Use 1 in place of the 0 to turn it back on.)
If you decide you want to run in permissive mode all the time, simply edit
/etc/sysconfig/selinux, change SELINUXTYPE=permissive, and reboot.
RHEL/CentOS's default SELinux configuration compartmentalizes various daemons
like Samba and Apache which is really nice in the event that there is some
kind of security breach because then the attacker is limited in what kind of
damage they can wreak.
If you want to tweak how SELinux affects Apache, see the httpd_selinux man
page. For Samba, the samba_selinux man page. NFS, nfs_selinux, and so on.
Stuart Jansen gave a presentation for PLUG in 2008 on SELinux. Video of this
presentation is available here: http://opensourcetv.tv/video/16.html
--
Doran L. Barton <[email protected]>
Open-source developer, sysadmin, consultant, and all-around geeky dude
"I sick and stay in bed with a clod."
-- Memo sent inside Japanese company in London
signature.asc
Description: This is a digitally signed message part.
/* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
