On Tue, Nov 24, 2009 at 11:18 AM, Graham Stewart
<[log in to unmask]> wrote:
> We run many Library / web / database applications on RedHat servers with
> SELinux enabled. Sometimes it takes a bit of investigation and horsing
> around but I haven't yet found a situation where it had to be disabled.
> setsebool and chcon can solve most problems and SELinux is an excellent
> enhancement to standard filesystem and ACL security.
Agreed that SELinux is useful but it is a tee-otal pain in the keister
if you're ignorantly working against it because you didn't actually
know it was there.
It's sort of the perfect embodiment between the disconnect between the
developer and the sysadmin. And, if this sort of tension interests
you, vote for Bess Sadler's presentation at Code4lib 2010: "Vampires
vs. Werewolves: Ending the War Between Developers and Sysadmins with
Puppet" and anything else that interests you.
http://vote.code4lib.org/election/index/13
-Ross "Bringin' it on home" Singer.
|