Selinux - pezzo di _____

Anyone here know much about selinux?

All I know is that when I used to provision Oracle Linux VM’s (in an Oracle VM for x86 cluster) - I used to set it to disabled… and SELINUXTYPE=minimum… That was on OEL 5 and 6 (basically RHEL 5 and 6, whether RHEL kernel or UEK kernel).

Now I’ve noticed on OEL 7 (pretty much RHEL 7), if you want “minimum” you have to install an RPM to support it - and if you don’t - you can’t reconnect (or even login via console) - you have reboot and go to the console and append grub kernel load option “selinux=0”… You’d a thunk someone’d be “kind” enough to mention this as a comment in /etc/selinux/config, but no… PITA

And I barely know what it’s even for… some kinda application level firewall / ACL doohicky? I guess I should know, but in most cases, and also colleagues confirm this, we just disable/minimalise it so it doesn’t get in the way of getting work done

It’s actually pretty unobtrusive on Debian/Ubuntu (I’ve NEVER had to tweak it on DEB distros), but seems a bit “in your face” on RPM distros…

Mostly I know that a lot of people are having trouble with SELinux. It sometimes can cause very weird behaviour and also errors you at first would’ve never guessed to be related to SELinux, in the first place.

Luckily I can agree, that I never had any problem with that on DEB-based distributions. On the other hand, this is the reason I never had to find out how it works, because it never got in my way in the first place, so I don’t know too much about it.

SELinux didn’t ring any bells, so I looked it up. Seems that it’s primarily a RedHat/RPM topic, and I’m firmly in the Debian/deb universe. No wonder I don’t know about it. Leave me in my ignorance.