Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Sunday February 12 2017, @02:36PM   Printer-friendly
from the easier-troubleshooting dept.

Jack Wallen asks via TechRepublic

Has SELinux got you down by blocking your apps or causing general havoc? Instead of disabling it, discover how to use the SELinux Alert Browser to solve those problems.

If you're using a Linux distribution that takes advantage of SELinux, such as CentOS, Red Hat, Fedora, or SUSE, you know it can be a blessing and a curse. While SELinux is an incredibly powerful tool that goes a very long way to keep your Linux-powered machines secure, it can be a nightmare to configure. Fortunately, there is a tool called SELinux Alert Browser that can ease those troubles.

With SELinux Alert Browser, you can get quick solutions when SELinux is causing you issues. In fact, you'd be hard-pressed to find an easier route to solving your SELinux-based headaches.

[...] The Troubleshoot button will reveal possible actions you can take to resolve your issue. In some cases sealert will instruct you how to have SELinux stop auditing the issue; in other cases sealert will show how to generate a new policy module that allows an object (such as xenconsoled) access to a resource.

When SELinux Alert Browser makes suggestions, they will be in the form of commands you can run to solve the problem. If you agree with the suggestion offered by sealert, go back to the Terminal window and issue the suggested command(s). Hopefully, your issue will be resolved. If you're unsure that access should be allowed, I highly recommend doing research before issuing the suggested command(s).

Any Soylentils ever get so fed up with SELinux that you just disabled it? Think this might have avoided that?


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by edIII on Sunday February 12 2017, @04:48PM

    by edIII (791) on Sunday February 12 2017, @04:48PM (#466198)

    Some platforms I've seen have setenforce 0 as one of the first commands during installation and there are zero plans at the end to turn it back on.

    The general feeling I've got is that you turn it off on servers that have no business with users and home directories.

    That, and OpenBSD doesn't even have SELinux.

    --
    Technically, lunchtime is at any moment. It's just a wave function.
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 2) by butthurt on Sunday February 12 2017, @08:13PM

    by butthurt (6141) on Sunday February 12 2017, @08:13PM (#466279) Journal

    > [...] OpenBSD doesn't even have SELinux.

    The Communications Security Establishment has a mandate

    to provide advice, guidance and services to help ensure the protection of electronic information and of information infrastructures of importance to the Government of Canada [...]

    -- http://laws-lois.justice.gc.ca/eng/acts/N-5/section-273.64.html [justice.gc.ca]

    OpenBSD is a Canadian product.

    • (Score: 1) by Scruffy Beard 2 on Monday February 13 2017, @04:01AM

      by Scruffy Beard 2 (6030) on Monday February 13 2017, @04:01AM (#466440)

      Not sure if parent is informative or trolling...

      The NSA appears to have a similar mission. You conveniently omitted the signals intelligence aspect of their mandate:

      to acquire and use information from the global information infrastructure for the purpose of providing foreign intelligence, in accordance with Government of Canada intelligence priorities;

      Canada participates in Five Eyes [wikipedia.org]

      Where being based in Canada helped Open BSD was when they were able to ship with strong cryptography world-wide. The US prohibited the export of strong encryption at the time. However, they did allow the importation of strong encryption.

      • (Score: 2) by butthurt on Monday February 13 2017, @06:23AM

        by butthurt (6141) on Monday February 13 2017, @06:23AM (#466470) Journal

        The CSE is Canada's analogue to the NSA. It has a similar remit. The topic is SELinux, which is software written by the NSA to make Linux more secure. The CSE, I suggested, could do something similar for OpenBSD.

        Omitting information I deem irrelevant, while noting the omission and linking to the full information, is trolling?

        • (Score: 1) by Scruffy Beard 2 on Monday February 13 2017, @05:12PM

          by Scruffy Beard 2 (6030) on Monday February 13 2017, @05:12PM (#466664)

          Well, I missed that (implied) suggestion.

        • (Score: 0) by Anonymous Coward on Wednesday February 15 2017, @09:33PM

          by Anonymous Coward on Wednesday February 15 2017, @09:33PM (#467604)

          No, they really couldn't. The OpenBSD devs are dead-set against adding what they see as needless complexity.

          • (Score: 1) by butthurt on Wednesday February 15 2017, @09:52PM

            by butthurt (6141) on Wednesday February 15 2017, @09:52PM (#467609) Journal

            The CSE's spying activities that Scruffy Beard 2 brought up might raise eyebrows, too.