Apache died???

S. Dale Morrey sdalemorrey at gmail.com
Tue Apr 9 11:34:19 MDT 2013


Ok this is probably just a rant from my own opinions and nothing more.

However if something is actively interfering with a well known service from
doing it's thing, and doing so silently, then it's worse than useless.
I trust binaries that have been installed by RPM with a keycheck.  I make
the assumption that the software developers know more about what their
software needs than I do and I trust the package maintainers to only sign
off on stuff that won't break my system or steal my stuff.  (I know big
assumption and yes I know there have been repo compromises in the past)

I'm frustrated and angry with SELinux, because I chased that bug for over
18 hours checking everything I could possibly think of before posting here
in utter frustration.

It seems to me to be the TSA of the Linux world.
I doesn't seem to actually do anythiing useful and it only ever seems to be
in the way.

Admittedly my only interactions with it have been along the lines of "Well
dd you try to disable selinux and see if that solves your problem?".

Before I ever intentionally let that thing run on a system I would like to
see it at least start throwing up prompts (hey this app is about to do
something ....  allow or deny).  Sure that wouldn't work in daemon mode,
but at a minimum it should when I'm starting it from the command line.


/end rant

Thanks for letting me vent, I feel better now.


On Tue, Apr 9, 2013 at 12:01 PM, Doran L. Barton <fozz at hypermoo.com> wrote:

> On Tuesday, April 09, 2013 11:49:44 AM S. Dale Morrey wrote:
> > Yep!  That seems to have solved it.  Thanks I would have never thought of
> > selinux.  Is there anyway to completely stop/remove it on a permanent
> > basis?  That single program seems to be all but useless at doing anything
> > other than getting in the way of legit apps.
>
> Oh, on the contrary. SELinux is the biggest reason to use RHEL/CentOS if
> you
> care about security. It does a remarkable job of limiting or containing
> malicious threats. However, it does take some learning to master. I highly
> recommend everyone who works with these OS distributions take the time to
> become SELinux masters.
>
> That being said, you can modify the SELinux defaults in
> /etc/sysconfig/selinux.
> While you can set SELINUX=disabled, I recommend you set it to "permissive"
> instead if you just want it out of the way. It's much easier to go back to
> using it down the road if you're using the "permissive" setting.
>
> I know we had Stuart Jansen give a presentation at a PLUG meeting a few
> years
> ago about SELinux and I recorded it. I thought it was online, but I guess
> not.
> I'll see if I can dig it up and upload it to YouTube. It's still mostly
> relevant.
>
> --
> Doran L. Barton <fozz at hypermoo.com> - Linux, Perl, Web, good fun, and
> more!
>  "Wearing of this garment does not enable you to fly."
>     -- Seen on a child's superhero costume
>
>
> /*
> PLUG: http://plug.org, #utah on irc.freenode.net
> Unsubscribe: http://plug.org/mailman/options/plug
> Don't fear the penguin.
> */
>


More information about the PLUG mailing list