SELinux vertigo- do you get it as well?

varelg

The more I know about SELinux, the more I hate it. Is it thoroughly hated but used in production or you decide to not use it whenever possible?

asummers

varelg wrote: »

The more I know about SELinux, the more I hate it. Is it thoroughly hated but used in production or you decide to not use it whenever possible?

It's used in Production - and hated.

Expect

It's an essential security layer, however, I have seen more programs that don't support it than the other way.

Kinet1c

Reading a book on it at the moment, in theory it's great but as mentioned integration with other apps seems to be poor.

digitalix

never turn it off! this way you learn something every day and in the end you have some extra security along with grey hairs
I tent do start using it getsebool setsebool is not that hard these days

Verities

Its a difficult concept to grasp, but once you get it down you understand why its necessary. You can usually get it to work with apps that aren't' supported natively however it can require considerable configuration changes. I'm not going to lie though, it took me reading over SELinux documentation multiple times to understand its functions and configurations.

JockVSJock

I'm starting to get it, which is an awesome feeling.

The best tutorial I found is this: https://wiki.gentoo.org/wiki/SELinux

There are a number of tutorials on youtube which have also helped me.

Yes, I was like everyone else. At first I set it to disabled, however I kept at it and now I'm getting it.

Verities

varelg wrote: »

The more I know about SELinux, the more I hate it. Is it thoroughly hated but used in production or you decide to not use it whenever possible?

One other possibility is the use of HIPS in place of SELinux. Even then you want to keep it in permissive mode for logging purposes.

Verities

Found 2 YouTube videos that are pretty much the same from RedHat and RedHat Summit that explain SELinux really well.

2012 version: https://www.youtube.com/watch?v=MxjenQ31b70

2015 version: https://www.youtube.com/watch?v=cNoVgDqqJmM

Pupil

SELinux is awesome... once you learn how to deal with it.

sealert is your best friend.