Results 1 to 8 of 8
  1. #1
    Join Date
    Jun 2011
    Posts
    81

    Default Distros are disabled on SELinux, why?

    Most distros don't support SELinux and even if some do support SELinux users are asked to disable it if they have a problem. why so?

  2. #2
    Join Date
    Jun 2014
    Posts
    28

    Default

    SELinux isn't harming the distros at all. I think the people who are suggesting to disable it are those who have no knowledge about what they are talking about or might be the developers that have written applications that aren't supportive with SELinux.

  3. #3

    Default

    The premise with SELinux is simple. Application1 can do specific activities, in certain places of the filesystem. These places and activities are configured by policy. If the application tries to violate that policy, it gets smacked down and told no. And I think this is a rule that if you violate nay policy you will be smacked down.

  4. #4

    Default

    SELinux is supported by several distributions. It's a fact that SELinux is implemented in the Linux Kernel as a Linux security module. So everyone has access to it one way or another.
    People misunderstand SELinux and that's really simple:
    SELinux is optional and can't be used with any other Security system implemented as an LSM (with the exception of some really simple systems like YAMA).

  5. #5

    Default

    The actual fact is that SELinux shouldn't be favored over any other LSM-based security system. You can use what you want as some distributions make this decision for you, other leave it to your discretion.
    Many distributions do not come with an "example" selinux policy configuration.

  6. #6
    Join Date
    Jul 2011
    Posts
    105

    Default

    One of the great security tools SELinux which protects the system against malicious users and even against a compromised root account. Only thing is that SELinux needs to be set up properly which is quite hard. The syntax is cryptic, the logs are poor and the utilities are a pain to work with. The benefits of setting up SELinux properly are usually eclipsed by how horrible it is to work with, which is why so many people disabled it instead.

  7. #7

    Default

    Even the SELinux devs/packagers sometimes suggest disabling SELinux rules rather than fixing the problem, which can't be resolved.
    Most distributions do not actively use either, so to answer your question "Is it needed?" No, most of the time these are not necessarily. But they are useful, especially if you are running a server where security is important.

  8. #8

    Default

    Actually, the process needed to run SELinux is usually missing. But it isn't that bad to setup, I think. Like any other tech you can figure it out and make it work for you.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •