undefined | Better HN

story

0 pointstomhurd9y ago0 comments

> SELinux as a whole is binary: either it is on or off. You can't run a specific program as unconfined, generate a policy from the errors, and enable it after a while.

You can make individual domains permissive with the overall system in enforcing. It's available in RHEL6 and RHEL7, I'm not sure about RHEL5.

"semanage permissive -a httpd_t"

https://selinuxproject.org/page/PermissiveDomainRecipe

https://lwn.net/Articles/303216/

0 comments

microtonal9y ago

Thanks for pointing this out! I used SELinux with RHEL5 and somehow missed this when I retried SELinux recently. I will definitely play with it again soon...

j / k navigate · click thread line to collapse

0 comments

microtonal9y ago

Thanks for pointing this out! I used SELinux with RHEL5 and somehow missed this when I retried SELinux recently. I will definitely play with it again soon...

j / k navigate · click thread line to collapse