The Performance Cost To SELinux On Fedora 31

  • #11
    The annoyance of SELinux is one of the main reasons I avoid using RHEL-based systems whenever possible.


    • #12
      Originally posted by pgoetz:
      "I've never gotten a cogent explanation or example of how SELinux provides any substantial security benefits on a modern Linux system. And if you're implementing anything which is complicated and not mainstream, the very first instruction is always to turn SELinux off."

      Okay, I'll give you a quick example.

      sshd runs as root; it has to for two major reasons: to access the .ssh directory of users' homes (for private keys) and to spawn a process as a user on successful authentication. This gives sshd a large amount of power that, if exploited, would give an attacker almost unlimited access on the system.

      SELinux comes to the rescue here: sshd gets given an SELinux tag, as do the .ssh directories in home folders. This means SELinux can prevent sshd from accessing files other than the ones it's been tagged as being able to access, even though it's running as root.

      There is some overlap, though, with systemd sandboxing and containers, so the use case for SELinux is less than it used to be. But you should never turn SELinux off; set it to permissive mode and fix your policies.


      • #13
        Originally posted by Britoid:
        "But you should never turn SELinux off; set it to permissive mode and fix your policies."

        LOL!!! Permissive mode is a placebo; all it does is set SELinux to run and log, but it doesn't actually enforce anything. A system running in permissive mode is not being protected by SELinux at all.


        • #14
          Originally posted by Spooktra:
          "LOL!!! Permissive mode is a placebo; all it does is set SELinux to run and log, but it doesn't actually enforce anything. A system running in permissive mode is not being protected by SELinux at all."

          Permissive mode lets you see what the errors are, fix them and set back to enforcing.
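
The distinction argued over in the two posts above shows up in the audit log itself: each AVC record ends in `permissive=1` (logged, access allowed) or `permissive=0` (logged, access blocked). The following is an added example, not part of the original thread, that separates the two; the sample records, the `game_bin` process name and all function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample audit.log records (not from the thread); names are illustrative.
SAMPLE_LOG = """\
type=AVC msg=audit(1572600001.101:301): avc:  denied  { read } for  pid=2101 comm="httpd" name="index.html" dev="dm-0" ino=4411 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1572600001.101:301): arch=c000003e syscall=257 success=yes exit=3 comm="httpd"
type=AVC msg=audit(1572600950.554:377): avc:  denied  { read } for  pid=2188 comm="httpd" name="index.html" dev="dm-0" ino=4411 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1572601200.007:402): avc:  denied  { execheap } for  pid=3050 comm="game_bin" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process permissive=0
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}.*?'
    r'scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+'
    r'tclass=(?P<tclass>\S+)\s+permissive=(?P<permissive>[01])'
)

def selinux_type(context):
    """Return the type field of a user:role:type:level security context."""
    return context.split(":")[2]

def parse_avc(line):
    """Return ((source_type, target_type, class, perms), enforced) or None."""
    m = AVC_RE.search(line)
    if m is None:
        return None  # not an AVC denial (e.g. the paired SYSCALL record)
    key = (selinux_type(m["scontext"]), selinux_type(m["tcontext"]),
           m["tclass"], tuple(m["perms"].split()))
    return key, m["permissive"] == "0"

def summarize(log_text):
    """Count AVC denials, split into blocked (enforcing) and logged-only (permissive)."""
    blocked, logged_only = Counter(), Counter()
    for line in log_text.splitlines():
        parsed = parse_avc(line)
        if parsed is not None:
            key, enforced = parsed
            (blocked if enforced else logged_only)[key] += 1
    return blocked, logged_only

if __name__ == "__main__":
    blocked, logged_only = summarize(SAMPLE_LOG)
    for label, counts in (("blocked", blocked), ("logged only", logged_only)):
        for key, n in counts.items():
            print(f"{label:12} {n}x {key}")
```

On a real host the input would come from /var/log/audit/audit.log or `ausearch -m AVC` rather than the embedded sample.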


          • #15
            Originally posted by Britoid:
            "SELinux comes to the rescue here: sshd gets given an SELinux tag, as do the .ssh directories in home folders. This means SELinux can prevent sshd from accessing files other than the ones it's been tagged as being able to access, even though it's running as root."

            Thanks for engaging, but how could sshd be compromised without someone gaining root on your system, at which point anything is possible? And if not that, once you can get into people's .ssh directories their accounts almost certainly are compromised, allowing direct logins where, again, quite a bit becomes possible.

            The arguments for SELinux always sound superficially convincing until you dig into the functional consequences of what is being protected against. I had a coworker explain that SELinux constrained web server access to users' .public_html directories. Now that the 90's are over, who's still using .public_html directories?


            • #16
              Originally posted by pgoetz:
              "Thanks for engaging, but how could sshd be compromised without someone gaining root on your system, at which point anything is possible? And if not that, once you can get into people's .ssh directories their accounts almost certainly are compromised, allowing direct logins where, again, quite a bit becomes possible."

              Proper security implementation is all about layers. If an attack breaches 1 layer, you want to have other layers in place to reduce the impact of the breach. Compromising sshd is just hypothetical - that would require a yet-unknown vulnerability which it may or may not have (like any software whose vulnerabilities haven't been discovered yet).

              But that's the point: you don't know what vulnerability will be discovered next. Multiple layers of security help prevent breaches even when a new 0-day or other vulnerability is discovered.


              • #17
                How are people feeling about SELinux in general? It's been a while since I've tried a Red Hat system.


                • #18
                  Originally posted by pgoetz:
                  "The annoyance of SELinux is one of the main reasons I avoid using RHEL-based systems whenever possible."

                  Until someone regrets disabling SELinux when an exploit occurs on their system. SELinux mitigation also forces developers to fix their code. One real case was with a Steam game called Portal 2, when an MP3 decoder was blocked from using execheap due to a security issue. See https://news.softpedia.com/news/Valv...s-430985.shtml

                  Fedora gets its SELinux policies updated and frequently tested, which greatly benefits desktop users.
                  The best practice is to use what the system provided to you. By the way, Android phones use a variant called SE for Android.


                  • #19
                    Both SELinux and AppArmor are bad by design.

                    I'd really like to see Linux take a page from OpenBSD and do something like Pledge.


                    • #20
                      Pledge and SELinux do completely different things and have completely different purposes.

                      Linux already has seccomp.
