From: David Brodbeck
To: krad
Cc: freebsd-questions@freebsd.org
Date: Mon, 20 Dec 2010 12:11:37 -0800
Subject: Re: SEBSD is dead?

On Sat, Dec 18, 2010 at 2:51 AM, krad wrote:
>
> On 17 December 2010 22:20, David Brodbeck wrote:
>>
>> On Fri, Dec 17, 2010 at 8:02 AM, Jerry McAllister wrote:
>> > Anyway, SeLinux ain't 100% popular over there I noticed.
>> > Maybe it is just a matter of getting used to it.  I got
>> > tired of reading the posts on it, so haven't figured out
>> > if they were substantive or just whiney.
>>
>> The problem with SELinux is it becomes very difficult to configure
>> properly if you don't have a normal, out-of-the-box configuration.
>>
>> For example, I never did figure out how to keep it from blocking an
>> rsync backup.  I disabled it after that, because a system I can't back
>> up is pretty useless no matter how secure it is. :)
>
> not sure if it will work on all linuxs but this works fine for me on centos
> in enforcing mode
>
> setsebool -P rsync_disable_trans on

Yeah, I'd seen that fix, too. As I recall it worked temporarily, then
stopped working again, and issuing the command again didn't help for
reasons that I couldn't figure out.

I also had problems with SELinux breaking execution of external scripts
by the SNMP server. I've seen various HOWTOs about how to craft new rules
to permit things like this, but many of them seemed to be out of date or
referred to tools that don't ship with RedHat. Documentation is thin and
the rule syntax is so cryptic it makes sendmail.cf look like LOGO. It was
obviously intended to be a "no user serviceable parts inside" sort of
system, but that only works if your setup is completely standard.