Re: [lmi] ZOMG selinux

lmi

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [lmi] ZOMG selinux

From:	Vadim Zeitlin
Subject:	Re: [lmi] ZOMG selinux
Date:	Mon, 1 Nov 2021 23:22:43 +0100

On Mon, 1 Nov 2021 20:47:43 +0000 Greg Chicares <gchicares@sbcglobal.net> wrote:

GC> On 10/31/21 3:46 PM, Vadim Zeitlin wrote:
GC> > 
GC> > [...] in fact, I'm not
GC> > even sure if SELinux is enabled for you (what does "getenforce" output?),
GC> 
GC> /srv/cache_for_lmi/logs[0]$getenforce
GC> Permissive

 Thanks for confirming this!

GC> $ sestatus
GC> SELinux status:                 enabled
GC> SELinuxfs mount:                /sys/fs/selinux
GC> SELinux root directory:         /etc/selinux
GC> Loaded policy name:             targeted
GC> Current mode:                   permissive
GC> Mode from config file:          permissive
GC> Policy MLS status:              enabled
GC> Policy deny_unknown status:     allowed
GC> Max kernel policy version:      31
GC> 
GC> Maybe I should try turning it on:
GC>   sudo sestatus enforcing
GC> just to see what happens.

 I'd start by examining the existing logs.

GC> Presumably someday they'll switch it to enforcing mode, with no prior
GC> notice, and it'll probably be easier to protect against that now than
GC> to recover from it later.

 This is true, of course, but OTOH SELinux is not exactly new and if they
haven't turned it on yet, nothing says that they will do in the observable
future neither...

VZ

pgp4efECNT0vC.pgp
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [lmi] ZOMG selinux, Greg Chicares, 2021/11/01
- Re: [lmi] ZOMG selinux, Vadim Zeitlin <=

Prev by Date: Re: [lmi] ZOMG selinux
Next by Date: [lmi] Arithmetic on enums
Previous by thread: Re: [lmi] ZOMG selinux
Next by thread: [lmi] Arithmetic on enums
Index(es):
- Date
- Thread