[Discuss] SELinux & IPTables
Jerry Feldman
gaf at blu.org
Wed Apr 2 14:28:16 EDT 2014
One issue is that sometimes, companies make this a requirement, and the
IT people who do the real work just have to follow the rules.
Whenever I set up a new system I always to to /etc/selinux and change
config to SELINUX=disabled
I recently change SELINUXTYPE to disabled, and screwed up everything to
where I could not even log in. That is what rescue systems are for.
On 04/02/2014 12:37 PM, Richard Pieri wrote:
> Greg Rundlett (freephile) wrote:
>> It's rather (annoyingly) humorous that there is a webpage at the NSA
>> titled "Current State of SELinux"
>> http://www.nsa.gov/research/_files/selinux/papers/x/text8.shtml which is
>> a blank white page.
>
> That's funny.
>
> Regardless, my suggestion not to use SELinux has nothing to do with
> the NSA. It's because SELinux is the wrong tool most of the time. If
> you don't need multi-level access control then AppArmor offers at
> least as good protection as the SELinux targeted policy (which was
> designed to emulate AppArmor's functionality) in a more easily managed
> form.
>
--
Jerry Feldman <gaf at blu.org>
Boston Linux and Unix
PGP key id:3BC1EB90
PGP Key fingerprint: 49E2 C52A FC5A A31F 8D66 C0AF 7CEA 30FC 3BC1 EB90
More information about the Discuss
mailing list