FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor


 
 
LinkBack Thread Tools
 
Old 08-12-2008, 09:13 PM
Manuel Wolfshant
 
Default SELinux

On 08/12/2008 10:09 PM, Ned Slider wrote:


Thanks.

One wonders why postdrop is interested in /var/log/httpd/error_log?
one plus me equal two people wondering. but I do not trust before
understanding, hence the dontaudit versus allow.

_______________________________________________
CentOS-docs mailing list
CentOS-docs@centos.org
http://lists.centos.org/mailman/listinfo/centos-docs
 
Old 08-17-2008, 09:31 PM
Ned Slider
 
Default SELinux

Ned Slider wrote:

Hi list,

I've knocked up a contribution on SELinux here:

http://wiki.centos.org/HowTos/SELinux



Any suggestions as to where this should be linked under
http://wiki.centos.org/HowTos ?


I don't see an obvious existing category to add it under.

Any thoughts?

_______________________________________________
CentOS-docs mailing list
CentOS-docs@centos.org
http://lists.centos.org/mailman/listinfo/centos-docs
 
Old 08-17-2008, 10:24 PM
Ralph Angenendt
 
Default SELinux

Ned Slider wrote:
> I don't see an obvious existing category to add it under.
>
> Any thoughts?

Open a Security subsection and also move the securing SSH page to there

IMO.

Ralph_____________________________________________ __
CentOS-docs mailing list
CentOS-docs@centos.org
http://lists.centos.org/mailman/listinfo/centos-docs
 
Old 09-12-2008, 07:22 AM
"Gopal Ghosh"
 
Default SELINUX

Dear All,
could anyone explain what's the use of SELINUX and how it work>
Thanks
regards


_______________________________________________
Fedora-laptop-list mailing list
Fedora-laptop-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-laptop-list
 
Old 09-12-2008, 07:34 AM
"Miguel Angel Perez"
 
Default SELINUX

Its an aditionall security layer added on top of the tradicional unix permission system.



http://en.wikipedia.org/wiki/SELinux

2008/9/12 Gopal Ghosh <gopal016@gmail.com>

Dear All,
could anyone explain what's the use of SELINUX and how it work>

Thanks
regards



_______________________________________________

Fedora-laptop-list mailing list

Fedora-laptop-list@redhat.com

http://www.redhat.com/mailman/listinfo/fedora-laptop-list



Regards,
Miguel Angel Perez

_______________________________________________
Fedora-laptop-list mailing list
Fedora-laptop-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-laptop-list
 
Old 09-12-2008, 08:12 AM
Anders Hartman
 
Default SELINUX

Gopal Ghosh skrev:

Dear All,
could anyone explain what's the use of SELINUX and how it work>
Thanks
regards

------------------------------------------------------------------------

_______________________________________________
Fedora-laptop-list mailing list
Fedora-laptop-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-laptop-list


Try "http://en.wikipedia.org/wiki/SELinux" to start with.

Regards
Anders

_______________________________________________
Fedora-laptop-list mailing list
Fedora-laptop-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-laptop-list
 
Old 09-12-2008, 08:14 AM
"Miguel Angel Perez"
 
Default SELINUX

Hi Gianluca,

Make sure you do a reply-all in gmail to get the reply to the mail list, and not only to the last person who replied it

Here is your reply.

---------- Forwarded message ----------

From: Gianluca Sforna <giallu@gmail.com>
Date: 2008/9/12
Subject: Re: SELINUX
To: Miguel Angel Perez <mangelp@gmail.com>



2008/9/12 Miguel Angel Perez <mangelp@gmail.com>:

> Its an aditionall security layer added on top of the tradicional unix

> permission system.

>

> http://en.wikipedia.org/wiki/SELinux



Additionally:

http://fedoraproject.org/wiki/SELinux





--

Gianluca Sforna



http://morefedora.blogspot.com

http://www.linkedin.com/in/gianlucasforna



Regards,
Miguel Angel Perez

_______________________________________________
Fedora-laptop-list mailing list
Fedora-laptop-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-laptop-list
 
Old 09-12-2008, 09:31 AM
"Gianluca Sforna"
 
Default SELINUX

2008/9/12 Miguel Angel Perez <mangelp@gmail.com>:
> Its an aditionall security layer added on top of the tradicional unix
> permission system.
>
> http://en.wikipedia.org/wiki/SELinux

Additionally:
http://fedoraproject.org/wiki/SELinux


--
Gianluca Sforna

http://morefedora.blogspot.com
http://www.linkedin.com/in/gianlucasforna

_______________________________________________
Fedora-laptop-list mailing list
Fedora-laptop-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-laptop-list
 
Old 11-28-2008, 03:06 PM
Mario Vukelic
 
Default SELinux

On Fri, 2008-11-28 at 16:56 +0100, Johnny Rosenberg wrote:
>
> What is SELinux , why do I need it and how do I enable it?

http://www.nsa.gov/selinux/
http://www.nsa.gov/selinux/info/faq.cfm
http://en.wikipedia.org/wiki/Selinux
https://help.ubuntu.com/community/SELinux

Note that AppArmor has similar goals to SELinux (though implementation
and administration differ) and is better-integrated into Ubuntu (default
since 7.10)
https://help.ubuntu.com/community/AppArmor


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 11-30-2008, 12:05 AM
Bill Davidsen
 
Default Selinux

Wolfgang S. Rupprecht wrote:

Bill Davidsen <davidsen@tmr.com> writes:

That's a bit like asking how to turn off the burglar alarm so
break-ins won't be so noisy. The correct question is how to set
attributes correctly so google earth will run, and the answer may be
in the SElinux report, as it often is. Real the report and see if it
gives you a command to run which solves the problem.


;-)

Good analogy, extra style points for making one feel guilty for
turning off something that sounds like it should be a good thing to
have on in general.

Much easier to have on in distribution configuration on servers, not doing
bizarre stuff. My mail, dns, dhcp servers run fine that way. Clients doing
unusual stuff, not so much.



Each distribution, since I think FC4, I've tried to run selinux and
after a short time decided it simply wasn't worth the trouble. On
anything more complicated than a client-only, stand-alone system, I'd
get low-probability failures creeping out of the woodwork forever.
Selinux as currently delivered is a better DOS than any outside
attacker has ever inflicted on WSRCC in the one and a half dozen years
it has been on the net. (Now, I obviously still believe in chrooted,
internet-faceing programs run as powerless per-daemon users, and I'm a
firm stickler in no non-RSA/DSA remote logins. I just don't like my
own system DOS-ing me randomly.)

This time on F10 selinux lasted exactly 15 minutes. The first time I
tried to log in as an NFS automounted user, I realized that things
have gotten worse in terms of working for me out of the box. Sure I
could fight the issue and use the selinux tools to adjust the
permissions, but why bother, it is clear this hasn't been well tested
and using selinux will be an uphill battle with a pre-alpha quality
permissions database that I'll essentially be maintaining on my own.

Haven't done amd home directories since SonOS (yes, the old 68030 based SunOS
based on BSD), so I can't say, but having had similar issues bind mounting a
home directory I know what you mean, the stock selinux doesn't like that.



I strongly suspect that Red Hat doesn't run with selinux enabled on
their corporate machines. From how rickety everything still is, it
just doesn't feel like they eat their own dog-food. How can NFS-ed
home directories possibly not work if they did? Folks from RH are of
course encouraged to tell me how wrong I am.

I haven't had any problems with system which permanently mount filesystem on
local disk. That's a good bit of my usage, and all my server usage, the only
thing worse than single points of failure is multiple single points of failure,
and proper redundancy is expensive.


I don't have an answer for your automount issue, my bind mount (in rc.local) is
followed by some selinux blessing, which I took directly from the warning in
active but not enforcing mode. After I sprinkle the mount with holy water it works.


--
Bill Davidsen <davidsen@tmr.com>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
 

Thread Tools




All times are GMT. The time now is 09:32 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org