Displaying 9 results from an estimated 9 matches for "selinuxproject".
2015 Mar 03
0
selinux allow FTP
...ng
someone that they should be using SFTP instead of FTP is the only
appropriate thing to be saying here, not this dead-horse-beating.
So to actually address the stated problem... I don't know about proftpd,
but there's a page here that discusses getting it working with selinux:
http://selinuxproject.org/page/FTPRecipes
and I'm sure that clicking this link will lead you to other helpful
documents:
https://www.google.com/search?q=proftpd+selinux+centos+7
It does require that you have an understanding of selinux, and are not just
looking for a magic incantation to make it work. You can...
2016 Jan 12
3
What are the advantages and disadvantages of running with or without libvirt?
I didn't see what are the main differences in
http://libguestfs.org/guestfs.3.html#backend
Specifically, I'm interested in what is faster (direct sounds faster to
me), and if there are any major restrictions (networking?)
Here's an example command we are running (sorry, Python'ish, but you'll get
it):
['virt-sysprep', '--connect', 'qemu:///system',
2015 Mar 03
2
selinux allow FTP
On Mon, Mar 2, 2015 at 4:43 PM, Tim Dunphy <bluethundr at gmail.com> wrote:
>>
>> errr, I meant, sftp, not rscp
>
>
> Heh.. yeah. But the client isn't gonna go for that. LOL. Any way to allow
> regular ol' FTP using SELinux? Or does that just defeat the purpose of
> having a secure SELlinux server entirely?
What is the context here? The big problem
2016 Jul 05
4
How to have more than on SELinux context on a directory
????????? ???????? ????? 2016-07-05 19:58:
>> I need to have the tftpdir_rw_t and samba_share_t SELinux context
>> on
>> the same directory.
>>
>> How can we do this? Is it feasible to have more than one SELinux
>> context?
>
> I don't think it's possible/feasible.
> You'd probably need to add a new type and necessary rules to your
2016 Jan 12
0
Re: What are the advantages and disadvantages of running with or without libvirt?
...and if there are any major restrictions (networking?)
You would think that direct is faster, but I benchmarked this a while
back and there's essentially no measurable difference.
There are however big differences, and restrictions. Off the top of
my head:
- libvirt implements sVirt (http://selinuxproject.org/page/SVirt) so
it's considerably more secure for examining untrusted disk images
- libvirt allows hotplugging of drives, ie. you can call
guestfs_add_drive_opts after launching the handle
- there are some differences in how networking is done, although they
are rather obscure (...
2012 Apr 01
7
selinux on/off percentage
hi
Just wondering if there is any statiscs report of selinxu usages in
production environment? I know some still turn it off.
thanks.
min
2010 Nov 26
20
SELinux - way of the future or good idea but !!!
Hi,
total newbie on CentOS. Just firing up an install of 5.5 on a development webserver. Installed Webmin, Awstats, PHPMyAdmin and Drupal successfully. Yet to work on Sendmail and Samba. SELinux in enforcing mode, reporting "SELinux preventing ifconfig (ifconfig_t) "read write" to /var/webminsessiondb.pag (var_t)".
Googled the error message without real success in finding fix
2012 Jan 31
26
[PATCH 00/10] FLASK updates: MSI interrupts, cleanups
This patch set adds XSM security labels to useful debugging output
locations, and fixes some assumptions that all interrupts behaved like
GSI interrupts (which had useful non-dynamic IDs). It also cleans up the
policy build process and adds an example of how to use the user field in
the security context.
Debug output:
[PATCH 01/10] xsm: Add security labels to event-channel dump
[PATCH 02/10] xsm:
2023 Mar 14
7
[PATCH v8 0/6] evm: Do HMAC of multiple per LSM xattrs for new inodes
From: Roberto Sassu <roberto.sassu at huawei.com>
One of the major goals of LSM stacking is to run multiple LSMs side by side
without interfering with each other. The ultimate decision will depend on
individual LSM decision.
Several changes need to be made to the LSM infrastructure to be able to
support that. This patch set tackles one of them: gives to each LSM the
ability to specify one