Re: [CentOS] Correct xen domains path

2007-06-19 Thread Stephen John Smoogen
On 6/18/07, Stephen Harris <[EMAIL PROTECTED]> wrote: On Mon, Jun 18, 2007 at 12:18:40PM -0600, Stephen John Smoogen wrote: > On 6/18/07, Stephen Harris <[EMAIL PROTECTED]> wrote: > >I've never said there are _no_ cases for SELinux. I was questioning it > >as a general rule for all machines. >

Re: [CentOS] Correct xen domains path

2007-06-18 Thread Daniel de Kok
On Mon, 2007-06-18 at 15:26 -0600, Stephen John Smoogen wrote: > I am sorry, but while I believe that it was meant in jest... Yes, it was a slight reference to a message from a few days ago. > the core > of the problem is that turning it off is the default answer from too > many people who have n

Re: [CentOS] Correct xen domains path

2007-06-18 Thread Stephen John Smoogen
On 6/18/07, Stephen Harris <[EMAIL PROTECTED]> wrote: On Mon, Jun 18, 2007 at 12:18:40PM -0600, Stephen John Smoogen wrote: > On 6/18/07, Stephen Harris <[EMAIL PROTECTED]> wrote: > >I've never said there are _no_ cases for SELinux. I was questioning it > >as a general rule for all machines. >

Re: [CentOS] Correct xen domains path

2007-06-18 Thread Stephen Harris
On Mon, Jun 18, 2007 at 12:18:40PM -0600, Stephen John Smoogen wrote: > On 6/18/07, Stephen Harris <[EMAIL PROTECTED]> wrote: > >I've never said there are _no_ cases for SELinux. I was questioning it > >as a general rule for all machines. > Several of the problems were machines that were not conn

Re: [CentOS] Correct xen domains path

2007-06-18 Thread Stephen John Smoogen
On 6/18/07, Stephen Harris <[EMAIL PROTECTED]> wrote: On Mon, Jun 18, 2007 at 10:31:30AM -0600, Stephen John Smoogen wrote: > On 6/18/07, Stephen Harris <[EMAIL PROTECTED]> wrote: > >I've not heard a good reason to keep SELinux enabled, to be honest. > >For high sensitivity stuff, sure (much like

Re: [CentOS] Correct xen domains path

2007-06-18 Thread Stephen Harris
On Mon, Jun 18, 2007 at 07:17:54PM +0200, Daniel de Kok wrote: > On Mon, 2007-06-18 at 12:56 -0400, Stephen Harris wrote: > > The security rule of thumb here is that such machine _will_ be attacked, > > and so "security in depth" is the process to apply. > > There are far more attack vectors than

Re: [CentOS] Correct xen domains path

2007-06-18 Thread Daniel de Kok
On Mon, 2007-06-18 at 12:56 -0400, Stephen Harris wrote: > The security rule of thumb here is that such machine _will_ be attacked, > and so "security in depth" is the process to apply. There are far more attack vectors than just through network facing daemons. To name just one example, web browse

Re: [CentOS] Correct xen domains path

2007-06-18 Thread Stephen Harris
On Mon, Jun 18, 2007 at 10:31:30AM -0600, Stephen John Smoogen wrote: > On 6/18/07, Stephen Harris <[EMAIL PROTECTED]> wrote: > >I've not heard a good reason to keep SELinux enabled, to be honest. > >For high sensitivity stuff, sure (much like using SEOS on Solaris for high > >sensitivity machines

Re: [CentOS] Correct xen domains path

2007-06-18 Thread Stephen Harris
On Mon, Jun 18, 2007 at 06:45:26PM +0200, Daniel de Kok wrote: > On Mon, 2007-06-18 at 12:03 -0400, Stephen Harris wrote: > > I've not heard a good reason to keep SELinux enabled, to be honest. > > For high sensitivity stuff, sure (much like using SEOS on Solaris for high > > sensitivity machines -

Re: [CentOS] Correct xen domains path

2007-06-18 Thread Daniel de Kok
On Mon, 2007-06-18 at 12:03 -0400, Stephen Harris wrote: > I've not heard a good reason to keep SELinux enabled, to be honest. > For high sensitivity stuff, sure (much like using SEOS on Solaris for high > sensitivity machines - eg those where third parties might have access). > But as a general ru

Re: [CentOS] Correct xen domains path

2007-06-18 Thread Stephen John Smoogen
On 6/18/07, Stephen Harris <[EMAIL PROTECTED]> wrote: On Mon, Jun 18, 2007 at 05:46:27PM +0200, Daniel de Kok wrote: > On Mon, 2007-06-18 at 11:07 -0400, Stephen Harris wrote: > > On Mon, Jun 18, 2007 at 11:05:24AM -0400, Rick Barnes wrote: > > > My preference was to use /srv/xen and then symlink

Re: [CentOS] Correct xen domains path

2007-06-18 Thread Stephen Harris
On Mon, Jun 18, 2007 at 05:46:27PM +0200, Daniel de Kok wrote: > On Mon, 2007-06-18 at 11:07 -0400, Stephen Harris wrote: > > On Mon, Jun 18, 2007 at 11:05:24AM -0400, Rick Barnes wrote: > > > My preference was to use /srv/xen and then symlink /srv/xen/etc to > > > /etc/xen and /srv/xen/images to

Re: [CentOS] Correct xen domains path

2007-06-18 Thread Daniel de Kok
On Mon, 2007-06-18 at 11:07 -0400, Stephen Harris wrote: > On Mon, Jun 18, 2007 at 11:05:24AM -0400, Rick Barnes wrote: > > My preference was to use /srv/xen and then symlink /srv/xen/etc to > > /etc/xen and /srv/xen/images to /var/lib/xen/images > > My preference is to disable SELinux totally an

Re: [CentOS] Correct xen domains path

2007-06-18 Thread Stephen Harris
On Mon, Jun 18, 2007 at 11:05:24AM -0400, Rick Barnes wrote: > My preference was to use /srv/xen and then symlink /srv/xen/etc to > /etc/xen and /srv/xen/images to /var/lib/xen/images My preference is to disable SELinux totally and use /xen as a seperate mount point :-) Which I would be using no

Re: [CentOS] Correct xen domains path

2007-06-18 Thread Rick Barnes
Daniel de Kok wrote: On Mon, 2007-06-18 at 11:50 +0200, Jordi Espasa Clofent wrote: 1. According to http://wiki.centos.org/HowTos/Xen/InstallingCentOSDomU?highlight=%28xen%29 it would be /srv/xen or even /var/lib/xen/images. ¿What is the correct absolute path to put into the xen domains file

Re: [CentOS] Correct xen domains path

2007-06-18 Thread Daniel de Kok
On Mon, 2007-06-18 at 11:50 +0200, Jordi Espasa Clofent wrote: > 1. According to > http://wiki.centos.org/HowTos/Xen/InstallingCentOSDomU?highlight=%28xen%29 > it would be /srv/xen or even /var/lib/xen/images. > > ¿What is the correct absolute path to put into the xen domains files? Whatever yo

[CentOS] Correct xen domains path

2007-06-18 Thread Jordi Espasa Clofent
Hi all, Two questions 1. According to http://wiki.centos.org/HowTos/Xen/InstallingCentOSDomU?highlight=%28xen%29 it would be /srv/xen or even /var/lib/xen/images. ¿What is the correct absolute path to put into the xen domains files? 2. Moreover, if you want the domU(s) boot together dom0,