BLU Discuss list archive
[Discuss] SELinux & IPTables
- Subject: [Discuss] SELinux & IPTables
- From: gaf at blu.org (Jerry Feldman)
- Date: Wed, 02 Apr 2014 14:28:16 -0400
- In-reply-to: <533C3CC6.7040709@gmail.com>
- References: <CAM9bQ=hCqhSGMvm2c29Gr5ySwvUVjxkuT-=qJb98PVgi3UXk_w@mail.gmail.com> <533C36D7.8060503@gmail.com> <CANaytccdL=GFkjcx56yRZvNTjgz0E4EccqEivw1Tmk-NH3yr4w@mail.gmail.com> <533C3CC6.7040709@gmail.com>
One issue is that sometimes, companies make this a requirement, and the IT people who do the real work just have to follow the rules. Whenever I set up a new system I always go to /etc/selinux and change config to SELINUX=disabled. I recently changed SELINUXTYPE to disabled, and screwed up everything to where I could not even log in. That is what rescue systems are for.

On 04/02/2014 12:37 PM, Richard Pieri wrote:
> Greg Rundlett (freephile) wrote:
>> It's rather (annoyingly) humorous that there is a webpage at the NSA
>> titled "Current State of SELinux"
>> http://www.nsa.gov/research/_files/selinux/papers/x/text8.shtml which is
>> a blank white page.
>
> That's funny.
>
> Regardless, my suggestion not to use SELinux has nothing to do with
> the NSA. It's because SELinux is the wrong tool most of the time. If
> you don't need multi-level access control then AppArmor offers at
> least as good protection as the SELinux targeted policy (which was
> designed to emulate AppArmor's functionality) in a more easily managed
> form.
>

--
Jerry Feldman <gaf at blu.org>
Boston Linux and Unix
PGP key id:3BC1EB90
PGP Key fingerprint: 49E2 C52A FC5A A31F 8D66 C0AF 7CEA 30FC 3BC1 EB90