On 10/02/2011 09:08 AM, mickey wrote:
> In F15 they have made it very easy to fix Selinux warnings.
> when a selinux warning Icon appears on panel bar, open it and in window
> click on Troubleshoot, and in there it gives a command to run from
> command line to fix the SeLinux errors.
Also in F14.
On 10/02/2011 10:48 AM, Thomas Cameron wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 09/20/2011 06:14 AM, Martín Marqués wrote:
>> I reinstalled (better hardware) a server and had selinux enabled (was
>> disabled before), and I starting to see why so many people don't use
>> selin
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 09/20/2011 06:14 AM, Martín Marqués wrote:
> I reinstalled (better hardware) a server and had selinux enabled (was
> disabled before), and I starting to see why so many people don't use
> selinux.
>
> My question is, how many people are using selin
On Sat, 2011-09-24 at 19:43 -0700, Craig White wrote:
> Your choice not to use it is of course your own but I can assure you
> that it is indeed possible to use it, create a reasonably effective
> security layer through it with a minimum level of difficulty - or at
> least a manageable level of dif
On 09/24/2011 09:43 PM, Craig White wrote:
>if you are pre-disposed to
> creating files in one location and moving them to an entirely different
> location which is certain to create contextual problems.
If there is a reasonably small set of locations into which you are
habitually moving f
On Sat, 2011-09-24 at 21:19 -0300, Martin Cigorraga wrote:
> Hi Andreas,
> "SELinux has wasted too much time of my life over the years,
> so I decided to no longer use it. I keep my computers up to date
> and configure them properly. If that isn't enough, bad luck."
>
> You shoudn't have any probl
Hi Andreas,
"SELinux has wasted too much time of my life over the years,
so I decided to no longer use it. I keep my computers up to date
and configure them properly. If that isn't enough, bad luck."
You shoudn't have any problems at all... c'on, it's GNU/Linux! Even a local
firewall is obsolete d
Martín Marqués wrote:
> I reinstalled (better hardware) a server and had selinux enabled (was
> disabled before), and I starting to see why so many people don't use
> selinux.
>
> My question is, how many people are using selinux?
SELinux is a mighty thing, but it's way too complex. It's mi
Daniel J Walsh wrote:
> Have you looked at the latest setroubleshoot that is in Fedora and
> will be in RHEL 6.2?
I haven't, but I'm looking at setroubleshoot-doc, available with CentOS-6
but not with CentOS-5.6.
Thanks for the suggestion.
--
Timothy Murphy
e-mail: gayleard /at/ eircom.net
te
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 09/22/2011 06:36 AM, Martín Marqués wrote:
> Would the RHEL package work OK on Fedora 15? Why not push it to
> rawhide?
>
The fix is in F16/Rawhide, I am not sure if it was back ported to F15,
if not it is a bug.
> 2011/9/21 Daniel J Walsh : On 0
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 09/21/2011 08:05 PM, Timothy Murphy wrote:
> Rahul Sundaram wrote:
>
>> On 09/21/2011 06:09 PM, Timothy Murphy wrote:
>>> I wonder if these very high percentages are not due to the fact
>>> that the information is collected soon after CentOS is
>>>
Just checked, and I have newer policy packages installed in my Fedora
15 server then the ones for RHEL6.
El día 22 de septiembre de 2011 07:36, Martín Marqués
escribió:
> Would the RHEL package work OK on Fedora 15? Why not push it to rawhide?
>
> 2011/9/21 Daniel J Walsh :
>> -BEGIN PGP SIGN
Would the RHEL package work OK on Fedora 15? Why not push it to rawhide?
2011/9/21 Daniel J Walsh :
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 09/20/2011 07:37 PM, Martín Marqués wrote:
>> 2011/9/20 David Quigley :
>>> On 09/20/2011 16:17, Martín Marqués wrote:
Yes, I get s
Rahul Sundaram wrote:
> On 09/21/2011 06:09 PM, Timothy Murphy wrote:
>> I wonder if these very high percentages are not due to the fact that
>> the information is collected soon after CentOS is installed, when
>> SELinux is enabled by default?
>
> Smolt has a cron job that keeps the profiles upd
On 09/21/2011 06:09 PM, Timothy Murphy wrote:
> I wonder if these very high percentages are not due to the fact that
> the information is collected soon after CentOS is installed, when
> SELinux is enabled by default?
Smolt has a cron job that keeps the profiles updated. So if you disable
SELinux
On 09/20/2011 05:37 PM, Tom Horsley wrote:
> And, of course, the standard selinux policy files shipped with fedora
> have grown in the exact same fashion. The reason most folks don't have
> problems with selinux any longer is that all the quirks and foibles of
> all the programs shipped with fedora
On 09/21/2011 12:02, Daniel J Walsh wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 09/21/2011 11:37 AM, David Quigley wrote:
>> On 09/21/2011 09:24, Daniel J Walsh wrote: On 09/20/2011 07:37 PM,
>> Martín Marqués wrote:
> 2011/9/20 David Quigley :
>> On 09/20/2011 16:17, Ma
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 09/21/2011 11:37 AM, David Quigley wrote:
> On 09/21/2011 09:24, Daniel J Walsh wrote: On 09/20/2011 07:37 PM,
> Martín Marqués wrote:
2011/9/20 David Quigley :
> On 09/20/2011 16:17, Martín Marqués wrote:
>>
>> Yes, I get selinux
On 09/21/2011 09:24, Daniel J Walsh wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 09/20/2011 07:37 PM, Martín Marqués wrote:
>> 2011/9/20 David Quigley :
>>> On 09/20/2011 16:17, Martín Marqués wrote:
Yes, I get selinux alerts. I stated them in an earlier mail.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 09/20/2011 07:37 PM, Martín Marqués wrote:
> 2011/9/20 David Quigley :
>> On 09/20/2011 16:17, Martín Marqués wrote:
>>>
>>> Yes, I get selinux alerts. I stated them in an earlier mail.
>>>
>>> From the alerts, the only one that gave me trouble wa
Christoph Wickert wrote:
>> > My question is, how many people are using selinux?
>>
>> 60,8% [1]
>
> Sorry, the actual percentage of people who 'use' it is 79.8% and 68.6%
> have it in enforcing mode.
I wonder if these very high percentages are not due to the fact
that the information is collec
On 09/20/2011 04:14 AM, Martín Marqués wrote:
> I reinstalled (better hardware) a server and had selinux enabled (was
> disabled before), and I starting to see why so many people don't use
> selinux.
>
> My question is, how many people are using selinux?
>
> I, for instance, am about to disable it.
On 09/20/2011 03:10 PM, Alan Cox wrote:
> In some perhaps. The big cases it helps are desktop (mostly protecting
> against browser stuff) - where it usually just works, and web serving,
> where it's most definitely valuable but does mean reading the docs.
I always find it interesting when people s
2011/9/20 David Quigley :
> On 09/20/2011 16:17, Martín Marqués wrote:
>>
>> Yes, I get selinux alerts. I stated them in an earlier mail.
>>
>> From the alerts, the only one that gave me trouble was mod_python,
>> and
>> basically trac.
>>
>> Also, apache couldn't conect to the PostgreSQL server, b
On 09/20/2011 16:17, Martín Marqués wrote:
> 2011/9/20 Joe Zeff :
>> On 09/20/2011 12:57 PM, Martín Marqués wrote:
>>> I'd like to believe my problem is due to lack of selinux
>>> configuration
>>> knowledge, and not that it's useless.
>>
>> Are you getting SELinux alerts? If so, it may be an iss
2011/9/20 Joe Zeff :
> On 09/20/2011 12:57 PM, Martín Marqués wrote:
>> I'd like to believe my problem is due to lack of selinux configuration
>> knowledge, and not that it's useless.
>
> Are you getting SELinux alerts? If so, it may be an issue; if not, it's
> a waste of time playing with it. Th
> It`s that in the *real world*, getting the immensely-complicated policy
> machinery correct is next-to-impossible. And by correct, I mean
>``provides security, and never causes unwanted failures of
> applications``.
For the web servers I'm running it was a simple matter of reading the
man
On 09/20/2011 12:57 PM, Martín Marqués wrote:
> I'd like to believe my problem is due to lack of selinux configuration
> knowledge, and not that it's useless.
Are you getting SELinux alerts? If so, it may be an issue; if not, it's
a waste of time playing with it. The reason I asked is because I
On 20/09/2011 3:57 PM, Martín Marqués wrote:
> 2
> I spoke with someone who works in HP (system administration) that told
> me they have SELinux disabled on the servers, as the overhead in
> administration is to high.
>
> I'd like to believe my problem is due to lack of selinux configuration
> know
2011/9/20 Joe Zeff :
> On 09/20/2011 04:14 AM, Martín Marqués wrote:
>> My question is, how many people are using selinux?
>>
>> I, for instance, am about to disable it.
>
> I use it on both of my computers. Why are you going to disable it? Do
> you like being insecure?
I spoke with someone who
2011/9/20 Alan Cox :
>> If so, no wonder you're having grief. While SELinux was off, your
>> system was writing files without setting any SELinux contexts. So,
>
> If SELinux was set to permissive then it was writing data but allowing
> actions, if not then when you switched it on it would have d
On 09/20/2011 04:14 AM, Martín Marqués wrote:
> My question is, how many people are using selinux?
>
> I, for instance, am about to disable it.
I use it on both of my computers. Why are you going to disable it? Do
you like being insecure?
--
users mailing list
users@lists.fedoraproject.org
To
> If so, no wonder you're having grief. While SELinux was off, your
> system was writing files without setting any SELinux contexts. So,
If SELinux was set to permissive then it was writing data but allowing
actions, if not then when you switched it on it would have done an
automatic relabel on
Martín Marqués wrote:
> My question is, how many people are using selinux?
>
> I, for instance, am about to disable it.
I use it without interruption. I have not disabled it since Fedora Core 2 or 3,
perhaps earlier. Since then, it has worked infallibly and without cause for
gripe.
--
users
On 09/20/2011 02:13 PM, Christoph Wickert wrote:
> Am Dienstag, den 20.09.2011, 08:14 -0300 schrieb Martín Marqués:
>
>> My question is, how many people are using selinux?
>
> 60,8% [1]
>
> Regards,
> Christoph
>
> [1] http://smolts.org/static/stats/stats.html
>
I see 68.6 % in enforcing mo
Am Dienstag, den 20.09.2011, 20:13 +0200 schrieb Christoph Wickert:
> Am Dienstag, den 20.09.2011, 08:14 -0300 schrieb Martín Marqués:
>
> > My question is, how many people are using selinux?
>
> 60,8% [1]
Sorry, the actual percentage of people who 'use' it is 79.8% and 68.6%
have it in enforcin
Am Dienstag, den 20.09.2011, 08:14 -0300 schrieb Martín Marqués:
> My question is, how many people are using selinux?
60,8% [1]
Regards,
Christoph
[1] http://smolts.org/static/stats/stats.html
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
h
Tom Horsley gmail.com> writes:
> ...
> So basically, you can get a system which is every bit as secure
> as one running selinux by turning off selinux, and then you don't
> ever get bothered by the "occasional need" to write a custom
> policy, or get fooled into a sense of security because you
>
On Tuesday, September 20, 2011 10:30:38 AM Tim wrote:
> On Tue, 2011-09-20 at 08:14 -0300, Martín Marqués wrote:
> > I reinstalled (better hardware) a server and had selinux enabled (was
> > disabled before), and I starting to see why so many people don't use
> > selinux.
>
> Let's clarify what yo
On Tue, Sep 20, 2011 at 09:12:37 -0500,
Richard Shaw wrote:
>
> Beware of one problem with the sealert/audit2allow instructions. At
> least in my experience, it goes through the whole log and creates a
> policy to allow all denied actions, not necessarily just the one you
> care about. Also, th
On Tue, 2011-09-20 at 08:14 -0300, Martín Marqués wrote:
> I reinstalled (better hardware) a server and had selinux enabled (was
> disabled before), and I starting to see why so many people don't use
> selinux.
Let's clarify what you've written... You are, now, trying to run a
system with SELinux
execute things (like apache with mod_python).
>
> 2011/9/20 antonio.montagn...@alice.it
> :
>>
>>
>>> Messaggio originale Da: martin.marq...@gmail.com Data:
>>> 20-set-2011
>> 13.14
>>> A: "Community assistance, encouragement, a
2011/9/20 Bruno Wolff III :
> On Tue, Sep 20, 2011 at 09:31:14 -0300,
> Martín Marqués wrote:
>>
>> For example, I moved the trac repos to /var/lib/trac, and so apache
>> needs extra append and access policy on some of those directories. How
>> would I add those policies?
>
> If you move stuff ar
On Tue, Sep 20, 2011 at 09:31:14 -0300,
Martín Marqués wrote:
>
> For example, I moved the trac repos to /var/lib/trac, and so apache
> needs extra append and access policy on some of those directories. How
> would I add those policies?
If you move stuff around that affects the default labelli
On Tue, Sep 20, 2011 at 09:25:15 -0300,
Martín Marqués wrote:
>
> Lots of reports with various servers:
>
> - postfix doesn't have access to bounce directory
> - trac can't append to log files
> - abrt complains (can't remember for what).
These should be reported as bugs.
--
users mailing li
On 09/20/2011 08:07 PM, Tom Horsley wrote:
> On Tue, 20 Sep 2011 19:37:04 +0800
> Ed Greshko wrote:
>
>> Other than the occasional need for a custom policy I've not had any problems.
> And did you perform an intensive security review of the source for the
> program requiring the custom policy to in
2011/9/20 Ed Greshko :
> "Martín Marqués" wrote:
>
>>I reinstalled (better hardware) a server and had selinux enabled (was
>>disabled before), and I starting to see why so many people don't use
>>selinux.
>>
>>My question is, how many people are using selinux?
>>
>>I, for instance, am about to dis
io originale
>>Da: martin.marq...@gmail.com
>>Data: 20-set-2011
> 13.14
>>A: "Community assistance, encouragement,
>> and advice for using Fedora."
>
>>Ogg: selinux is a pain
>>
>>I reinstalled (better
> hardware) a server and ha
2011/9/20 Alan Cox :
> On Tue, 20 Sep 2011 08:14:18 -0300
> Martín Marqués wrote:
>
>> I reinstalled (better hardware) a server and had selinux enabled (was
>> disabled before), and I starting to see why so many people don't use
>> selinux.
>>
>> My question is, how many people are using selinux?
Sitat MartÃn Marqués :
> I reinstalled (better hardware) a server and had selinux enabled (was
> disabled before), and I starting to see why so many people don't use
> selinux.
>
> My question is, how many people are using selinux?
>
> I, for instance, am about to disable it.
It depends a bit
On Tue, 20 Sep 2011 19:37:04 +0800
Ed Greshko wrote:
> Other than the occasional need for a custom policy I've not had any problems.
And did you perform an intensive security review of the source for the
program requiring the custom policy to insure that it is in fact
perfectly OK to allow whatev
"Martín Marqués" wrote:
>I reinstalled (better hardware) a server and had selinux enabled (was
>disabled before), and I starting to see why so many people don't use
>selinux.
>
>My question is, how many people are using selinux?
>
>I, for instance, am about to disable it.
As with others, I've be
On Tue, 2011-09-20 at 08:14 -0300, Martín Marqués wrote:
> I reinstalled (better hardware) a server and had selinux enabled (was
> disabled before), and I starting to see why so many people don't use
> selinux.
>
> My question is, how many people are using selinux?
>
> I, for instance, am about t
>Messaggio originale
>Da: martin.marq...@gmail.com
>Data: 20-set-2011
13.14
>A: "Community assistance, encouragement,
> and advice for using Fedora."
>Ogg: selinux is a pain
>
>I reinstalled (better
hardware) a server and had selinux ena
Around 12:14pm on Tuesday, September 20, 2011 (UK time), Martín Marqués
scrawled:
> My question is, how many people are using selinux?
Not sure how scientific this is, but I use it. Although my servers run
CentOS (with SELinux). I would have thought it would be better to learn
how to solve probl
On Tue, 20 Sep 2011 08:14:18 -0300
Martín Marqués wrote:
> I reinstalled (better hardware) a server and had selinux enabled (was
> disabled before), and I starting to see why so many people don't use
> selinux.
>
> My question is, how many people are using selinux?
Yes without problems. Pretty
I reinstalled (better hardware) a server and had selinux enabled (was
disabled before), and I starting to see why so many people don't use
selinux.
My question is, how many people are using selinux?
I, for instance, am about to disable it.
--
Martín Marqués
select 'martin.marques' || '@' || 'gm
57 matches
Mail list logo
