[wplug] Who benefits from SELinux?

Drew from Zhrodague drewzhrodague at zhrodague.net
Tue Apr 10 19:45:24 EDT 2012


	Indeed, I'm sure this helps for servers, but would not at all work for 
a developer's workstation, where they are writing and testing wacky 
software that may not have hooks for SELinux. =_)

	I also generally turn it off. In cloud environments, it is easier to 
delete the host and spin up a replacement.


On 4/10/12 6:38 PM, G.Pitman wrote:
> I use it at work for every server that I can, but we have govt. and
> commercial contracts. One particular instance where it helped was a web
> server where a bad php script allowed someone to upload a script to the
> temp directory and try to execute it to likely get a privilege escalation.
> Selinux sets contexts on files and directories specifying who can read or
> write to them.


-- 

Drew from Zhrodague
Internet Swashbuckler
drew at zhrodague.net



More information about the wplug mailing list