On 6/11/2013 4:34 PM, Orion Poplawski wrote:
> On 11/4/2013 7:25 PM, Steven Haigh wrote:
>>
>> Do many people use SELinux in the enforcing mode?
>>
>> While I'm a bit old school, I don't know many people who even have
>> SELinux in permissive mode - let alone enforcing...
>>
> 
> I run SELinux in enforcing mode on almost all of our SL and Fedora
> servers and workstations.  Only exception is our compute machines due to
> some issue with gridengine/openmpi.  I view it as a very essential
> security component.

As part of your security policy - how do you test that SELinux is
actually doing what it is supposed to?

Apart from the obvious DENIED messages that it gives off, there doesn't
seem to be any way to check that it will actually stop unexpected access
to various system components.

Is there anything further than 'well, it's enabled!'?

-- 
Steven Haigh

Web: https://www.crc.id.au
Phone: (03) 9001 6090 - 0412 935 897
Fax: (03) 8338 0299