Subject: | |
From: | |
Reply To: | |
Date: | Fri, 21 Oct 2011 10:49:47 -0400 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
On 10/20/2011 10:30 PM, Todd And Margo Chester wrote:
> Hi All,
>
> I have always found selinux a pain in the neck, and in
> past have just removed it to get my stuff working.
>
> Question: what are the ramifications of just removing
> selinux from SL 6.1? Is selinux worth the effort?
>
> Many thanks,
> -T
It _is_ a pain in the neck and that fact alone is evidence that it is
helping protect your system.
I leave it enabled on any machine that listens on the internet or that
is publicly accessible. However, you will certainly need to get
friendly with sealert, audit2allow etc. and create custom policies to
get some things working.
It's not really that hard and IMO worth the extra effort.
Jeff
|
|
|