software vendor telling me we have to disable selinux to use thier software....

Xetroximyn
Xetroximyn used Ask the Experts™
on
software vendor telling me we have to disable selinux to use their software.... how dangerous is this?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
There is no way to quantify exactly how dangerous this is without knowing a lot of other variables.  But if you feel strongly about the security of your system you should start looking into alternative software.
Network Administrator
Commented:
The problem is most likely they don't know how to write selinux rules to allow their software... It usually involves running in "permissive" mode and then looking in selinux logs for what needs to be allowed.

Many people run without selinux enabled, and your risks are usually in line with the amount of exposure you have to the outside world.

http://www.lurking-grue.org/writingselinuxpolicyHOWTO.html

http://www.billauer.co.il/selinux-policy-module-howto.html
Scott SilvaNetwork Administrator

Commented:
I thought this was fair to split points.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial