[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [lmi] ZOMG selinux
From: |
Vadim Zeitlin |
Subject: |
Re: [lmi] ZOMG selinux |
Date: |
Mon, 1 Nov 2021 23:22:43 +0100 |
On Mon, 1 Nov 2021 20:47:43 +0000 Greg Chicares <gchicares@sbcglobal.net> wrote:
GC> On 10/31/21 3:46 PM, Vadim Zeitlin wrote:
GC> >
GC> > [...] in fact, I'm not
GC> > even sure if SELinux is enabled for you (what does "getenforce" output?),
GC>
GC> /srv/cache_for_lmi/logs[0]$getenforce
GC> Permissive
Thanks for confirming this!
GC> $ sestatus
GC> SELinux status: enabled
GC> SELinuxfs mount: /sys/fs/selinux
GC> SELinux root directory: /etc/selinux
GC> Loaded policy name: targeted
GC> Current mode: permissive
GC> Mode from config file: permissive
GC> Policy MLS status: enabled
GC> Policy deny_unknown status: allowed
GC> Max kernel policy version: 31
GC>
GC> Maybe I should try turning it on:
GC> sudo sestatus enforcing
GC> just to see what happens.
I'd start by examining the existing logs.
GC> Presumably someday they'll switch it to enforcing mode, with no prior
GC> notice, and it'll probably be easier to protect against that now than
GC> to recover from it later.
This is true, of course, but OTOH SELinux is not exactly new and if they
haven't turned it on yet, nothing says that they will do in the observable
future neither...
VZ
pgp4efECNT0vC.pgp
Description: PGP signature