Linked by Amjith Ramanujam on Thu 24th Jul 2008 15:59 UTC, submitted by Rahul
Privacy, Security, Encryption NSA takes its Flask architecture to the open-source community to offer an inexpensive route to trusted systems. "What it really helps out with is something called zero-day exploits," said Daniel Walsh, a principal software engineer at Red Hat and leader of the company's SELinux team. "If you have a bug in your software that allows a machine to be taken over, SELinux [provides] another layer of controls to make sure that application only does what is was designed to do. SELinux is your last line of defense."
Permalink for comment 324682
To read all comments associated with this story, please click here.
RHEL & Fedora
by RHCE07 on Sat 26th Jul 2008 15:17 UTC
RHCE07
Member since:
2007-12-08

In RHEL and Fedora by default SELinux is 'on' if you leave it on and you are setting up a machine, server, laptop you can use this command.

setenforce 0 to set it to permissive so you can install the packages or updates...

When you are finished customizing your machine
setenforce 1 to turn it back to enforcing mode no reboot is required.

You can reference another directory with the same SELinux context with chcon --reference /var/www/html /var/www/mywebstuff

It is another area that is amazing in what it can do, it takes a lot of practice, studying and understanding to administer it in the correct manner.

Reply Score: 1