Help answer threads with 0 replies.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


View Poll Results: For you, what state is selinux in?
Enforcing 6 26.09%
Permissive 2 8.70%
Disabled 5 21.74%
Not even installed 10 43.48%
Voters: 23. You may not vote on this poll

  Search this Thread
Old 09-30-2011, 01:59 PM   #1
LQ Newbie
Registered: Mar 2004
Posts: 19

Rep: Reputation: 3
selinux opinion poll

If you use a linux distro which includes selinux by default, do you keep it Enforcing or Disabled?

I wonder how popular it is.
Click here to see the post LQ members have rated as the most helpful post in this thread.
Old 09-30-2011, 02:18 PM   #2
Senior Member
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

Rep: Reputation: 778Reputation: 778Reputation: 778Reputation: 778Reputation: 778Reputation: 778Reputation: 778
The systems I have are currently using Apparmor instead. For the most part, I have followed the default profiles and tweaked them to correct the errors associated with having applications, like Bind access db directories in places like /var.
Old 09-30-2011, 06:31 PM   #3
Registered: May 2001
Posts: 28,826
Blog Entries: 55

Rep: Reputation: 3341Reputation: 3341Reputation: 3341Reputation: 3341Reputation: 3341Reputation: 3341Reputation: 3341Reputation: 3341Reputation: 3341Reputation: 3341Reputation: 3341
Where available it'll be in enforcing mode. If the default targeted policy needs adjusting I'll create a local policy. If a networked daemon doesn't have a policy I'll create one. *Beware of vendor product documentation and stale tutorials on the 'net that advocate turning SELinux off completely as often that'll be based on deeply rooted misconceptions, sheer laziness, lack of knowledge or older versions of the current SELinux policies. SELinux has come a long way and management is significantly easier these days. **Phoronix recently tested SELinux performance and albeit on Fedora 15 and apart from HTTP serving the impact on performance was negligible.
3 members found this post helpful.
Old 10-01-2011, 12:25 AM   #4
John VV
LQ Muse
Registered: Aug 2005
Posts: 15,298

Rep: Reputation: Disabled
I would just LOVE to see a supported ( well supported) se policy set on SUES

i installed SELinux on OpenSUSE 11.3
got it working BUT without the full support that fedora has it was a pain in the BLEEP ........
there were NO set polices i had to make EVERY single one of them and update EVERY one every time something was updated
and manually build the kernel for the updates .
but i would link to see more support for SElinux on SUSE

Last edited by John VV; 10-01-2011 at 12:26 AM.
Old 10-01-2011, 09:02 AM   #5
Registered: Aug 2011
Distribution: Slackware
Posts: 261

Rep: Reputation: 82
I prefer GRsecurity to SElinux, as it seems easier and less a maintenance burden to me. GRsecurity's configurations is easy to understand and manage, at least. In addition, this tool includes PAX features.

It may be worth saying that I don't use it for important tasks.
Old 10-04-2011, 08:25 PM   #6
Registered: Jan 2006
Location: USA
Posts: 540

Rep: Reputation: 52
from my experience i see lots of admin folks shying away from SElinux because they do not understand the MAC model. i cant really answer the poll because i am a security consultant, not a sysadmin. most of my work is hand-off in nature so we take special precautions to do things that the ops/sysadmins teams feel comfortable with, etc.

Last edited by Linux_Kidd; 10-04-2011 at 08:31 PM.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
SELinux errors, SELinux and wine ziphem Linux - Security 10 01-27-2011 04:15 PM
Selinux-how do i find out what domains have permissions on what type?(selinux policy) vishyc88 Linux - Security 2 11-22-2010 04:27 AM
"../system.h :selinux/selinux.h:no such file or directory" ashmita04 Linux From Scratch 4 02-05-2009 03:36 AM
Poll: (Without the poll) - How is Linux used in your workplace? SlowCoder General 13 09-11-2007 11:03 PM
General Opinion Poll On SUSE 10.1 peter_89 SUSE / openSUSE 61 10-02-2006 10:08 AM

All times are GMT -5. The time now is 10:19 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration