SELinux? 2007-11-02 - By Bill Tangren
Back
On Wed, October 31, 2007 9:58 pm, mark wrote:
> Bill Hillier wrote:
>> NFlorez@(protected) wrote:
>>> How do I disable and enable Selinux?
>>>
>> setenforce command ....
>>
>> setenforce 0
>> setenforce 1
>
> And reboot. And forget about it. It's a honkin' pain in the neck, unless
> you're
> running a completely canned system, and the users are only allowed to do
> what
> you've allowed them to do. May be fine for, oh, the Pentagon or the CIA,
> but in
> the real world, it's security through making it next to impossible to *do*
> anything.
Is it a pain sometimes? You betcha. I think it's worth it, though. I have,
on occasion been stopped temporarily from doing what I wanted to do, but
now that I understand how better how it works, I have no problems with it.
If someone *does* manage to crack in and take over, let's say apache, I'll
be very glad I didn't 'setenforce 0'.
Just my $0.02 worth.
Bill
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@(protected)?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
|
|
