Jack Wallen asks via TechRepublic
Has SELinux got you down by blocking your apps or causing general havoc? Instead of disabling it, discover how to use the SELinux Alert Browser to solve those problems.
If you're using a Linux distribution that takes advantage of SELinux, such as CentOS, Red Hat, Fedora, or SUSE, you know it can be a blessing and a curse. While SELinux is an incredibly powerful tool that goes a very long way to keep your Linux-powered machines secure, it can be a nightmare to configure. Fortunately, there is a tool called SELinux Alert Browser that can ease those troubles.
With SELinux Alert Browser, you can get quick solutions when SELinux is causing you issues. In fact, you'd be hard-pressed to find an easier route to solving your SELinux-based headaches.
[...] The Troubleshoot button will reveal possible actions you can take to resolve your issue. In some cases sealert will instruct you how to have SELinux stop auditing the issue; in other cases sealert will show how to generate a new policy module that allows an object (such as xenconsoled) access to a resource.
When SELinux Alert Browser makes suggestions, they will be in the form of commands you can run to solve the problem. If you agree with the suggestion offered by sealert, go back to the Terminal window and issue the suggested command(s). Hopefully, your issue will be resolved. If you're unsure that access should be allowed, I highly recommend doing research before issuing the suggested command(s).
Any Soylentils ever get so fed up with SELinux that you just disabled it? Think this might have avoided that?
(Score: 1) by Scruffy Beard 2 on Monday February 13 2017, @04:01AM
Not sure if parent is informative or trolling...
The NSA appears to have a similar mission. You conveniently omitted the signals intelligence aspect of their mandate:
Canada participates in Five Eyes [wikipedia.org]
Where being based in Canada helped Open BSD was when they were able to ship with strong cryptography world-wide. The US prohibited the export of strong encryption at the time. However, they did allow the importation of strong encryption.
(Score: 2) by butthurt on Monday February 13 2017, @06:23AM
The CSE is Canada's analogue to the NSA. It has a similar remit. The topic is SELinux, which is software written by the NSA to make Linux more secure. The CSE, I suggested, could do something similar for OpenBSD.
Omitting information I deem irrelevant, while noting the omission and linking to the full information, is trolling?
(Score: 1) by Scruffy Beard 2 on Monday February 13 2017, @05:12PM
Well, I missed that (implied) suggestion.
(Score: 0) by Anonymous Coward on Wednesday February 15 2017, @09:33PM
No, they really couldn't. The OpenBSD devs are dead-set against adding what they see as needless complexity.
(Score: 1) by butthurt on Wednesday February 15 2017, @09:52PM
The CSE's spying activities that Scruffy Beard 2 brought up might raise eyebrows, too.