SEBSD is dead?

David Brodbeck gull at gull.us
Mon Dec 20 20:11:39 UTC 2010


On Sat, Dec 18, 2010 at 2:51 AM, krad <kraduk at gmail.com> wrote:
>
>
> On 17 December 2010 22:20, David Brodbeck <gull at gull.us> wrote:
>>
>> On Fri, Dec 17, 2010 at 8:02 AM, Jerry McAllister <jerrymc at msu.edu> wrote:
>> > Anyway, SELinux ain't 100% popular over there I noticed.
>> > Maybe it is just a matter of getting used to it.  I got
>> > tired of reading the posts on it, so haven't figured out
>> > if they were substantive or just whiney.
>>
>> The problem with SELinux is it becomes very difficult to configure
>> properly if you don't have a normal, out-of-the-box configuration.
>>
>> For example, I never did figure out how to keep it from blocking an
>> rsync backup.  I disabled it after that, because a system I can't back
>> up is pretty useless no matter how secure it is. :)
>
>
> Not sure if it will work on all Linuxes, but this works fine for me on CentOS
> in enforcing mode:
>
>  setsebool -P rsync_disable_trans on

Yeah, I'd seen that fix, too.  As I recall it worked temporarily, then
stopped working again, and issuing the command again didn't help for
reasons that I couldn't figure out.

I also had problems with SELinux breaking execution of external
scripts by the SNMP server.

I've seen various HOWTOs about how to craft new rules to permit things
like this, but many of them seemed to be out of date or referred to
tools that don't ship with Red Hat.  Documentation is thin and the rule
syntax is so cryptic it makes sendmail.cf look like LOGO.  It was
obviously intended to be a "no user serviceable parts inside" sort of
system, but that only works if your setup is completely standard.

