[BBLISA] virtual servers and security problems

Edward Ned Harvey bblisa4 at nedharvey.com
Fri Nov 11 22:20:21 EST 2011


> From: John Orthoefer [mailto:jco at direwolf.com]
> 
> I prefer to run servers with SELinux enabled. And had no problems with
> KVM, vbox and VMWare. Some software or configuration will make me turn
> it off. For instance squirrelMail didn't play nice with SEContexts (it may
> now haven't looked in a couple of years).
> 
> But in the platform as a service world it doesn't shock me that it's hard
> to get SELinux turned on.

Although there's probably a valid generalization to draw, I'm just going to
say something specific.

In CentOS, every package distributed by CentOS or the major auxiliary sites
(dag, epel, etc) has correct support for selinux.  Meaning you can get a
"plain vanilla" installation running by simply installing the rpm's.
However, additional packages ...  Let's say the latest mailman for example
(because I'm speaking in specifics) ... if you install it manually from
source distributed by the producer (mailman.org, no wait I mean list.org),
it lacks selinux.

Whenever something "makes you turn it off," there's always a better way,
with a little knowledge applied.  Just like, back in the day, so many
applications would make you "turn off the antivirus," or "turn off the
firewall."


