SeLinux - is it worth it?
kim at hawtin.net.au
Wed Sep 10 16:15:11 CST 2014
On 10/09/14 09:40, Andrew Galdes wrote:
> I troubleshoot SELinux like this:
> 1. Turn SELinux on from the start. It's better to troubleshoot one
> thing at a time rather than everything at once at the end.
> 2. If something strange is happening (or not happening), turn SELinux
> into Permissive mode and see if it still happens. This will tell you
> if SELinux is involved.
in permissive it generates enormous logs of cruft you have to trawl
through. eventually you find the files it "can't" write to or similar and
> 3. If SELinux is involved, change back to Enforcing mode and check logs
> for both the application experiencing the issue and the SELinux
> logs. You need a few extra packages for the SELinux tools available
> via YUM (policycoreutils is one that I can remember right now).
rinse, lather, repeat; 2,3, for ages and ages until it works or you give
up because $DEADLINES and turn it off and push it to production...
or move to a vm/chroot/jail/container model instead, with regular backups ;)
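
An added example, not part of the original thread: one way to cut down the log trawling described above is to collapse AVC denial records into one row per (command, source type, target type, class, permission, mode), so repeated denials show up as a count. The sample lines are constructed in the usual audit.log AVC layout, and the function and variable names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample records in audit.log AVC format (not from a real host).
SAMPLE_LOG = """\
type=AVC msg=audit(1410331511.101:201): avc:  denied  { write } for  pid=1234 comm="httpd" name="upload" dev="dm-0" ino=5678 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=dir permissive=1
type=SYSCALL msg=audit(1410331511.101:201): arch=c000003e syscall=2 success=yes exit=3 comm="httpd"
type=AVC msg=audit(1410331512.220:202): avc:  denied  { write } for  pid=1240 comm="httpd" name="upload" dev="dm-0" ino=5678 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1410331513.007:203): avc:  denied  { read open } for  pid=1240 comm="httpd" name="a.cfg" dev="dm-0" ino=5701 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file permissive=1
type=AVC msg=audit(1410331520.500:210): avc:  denied  { name_bind } for  pid=900 comm="sshd" src=2222 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?comm="(?P<comm>[^"]*)".*?'
    r'scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)'
    r'(?:\s+permissive=(?P<permissive>[01]))?'
)
MODES = {"1": "permissive", "0": "enforced", None: "unknown"}

def selinux_type(context):
    """Return the type field of a user:role:type[:level] context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context

def summarize_denials(log_text):
    """Count denials per (comm, source type, target type, class, perm, mode)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # SYSCALL and other record types are skipped
        mode = MODES[m.group("permissive")]  # field is absent on older kernels
        for perm in m.group("perms").split():
            counts[(m.group("comm"), selinux_type(m.group("scon")),
                    selinux_type(m.group("tcon")), m.group("tclass"),
                    perm, mode)] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize_denials(SAMPLE_LOG).most_common():
        print(f"{n:4d}  " + "  ".join(key))
```

On a real host the input would be the contents of the audit log instead of `SAMPLE_LOG`; the path varies by distribution and is not given in the thread.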