[GLLUG] SELinux
Matthew Cooke
mpcooke3 at lineone.net
Wed Mar 9 19:26:05 UTC 2005
Shortly after my last machine got rooted I decided to try SELinux on
fedora core 3. I've been thoroughly impressed.
I took various other security measures including enforcing wheel group,
keeping much more up-to-date using yum, iptables and various other bits
and bobs and SELinux was the most hassle of all of these.
SELinux is a pain when using any non-default configuration of apps (and
some default ones too!) but overall I actually felt it was well worth
it.
The only caveat i should add to this is that my box was just rooted
again. But SELinux wasn't covering every app as it was running in
targeted mode...
Matt. (crying a little)
On Mon, 2005-03-07 at 09:32 +0000, Steve Nelson wrote:
> A while back we failed to have a reasoned debate about SELinux - ie
> no-one said anything! I thought I'd raise it again...
>
> Summary:
>
> Agk claimed that all professional linux sysadmins will need to
> understand it as it becomes mainstream over the next year or so.
>
> A counter opinion was raised - this is unlikely; SELinux is "an
> over-engineered, non-Unix solution to a problem that affects a tiny
> minority of high-end systems."
>
> We're too old-fashioned to use SELinux - we're still running 2.4
> kernels - but what are other people's experiences and/or opinions?
>
> Steve
--
Matthew Cooke <mpcooke3 at lineone.net>
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list