arrow_upward

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Consequences of disabling SELinux? VPS 9 Phoenix after KVM Upgrade
#3
that's is the way to go about doing it, Dean. nice one.

but what really stumps me is why would VPS 9 users need to disable selinux now on centos 7 ? selinux on hist has no effect on guest in case of KVM and keeping KVM enforced in both host and guest is the way to go (according to big guys. i personally like my permissive mode. never spent time learning selinux much). at the least in host.

with libvirt and KVM, selinux works by confining the Qemu binary, so that any attempts to break the guest boundary is stopped. That is why it is always recommended to have selinux set enforcing in both host and guest to maximise your level of protection (i hear it really works for people who know what they are doing and have spent time learning the hoops. that excludes me of course).

now one thing i can think of is if one is using a non default location for the virtual machines and forgot to issue commands to prepare that for selinux, due to a lot of work during upgrade . but i never saw such issues crop up from that.

so, in overall, this is a curious problem i am very much interested in and want to know the whys and hows of. just disabling might be a good temp solution for now.

selinux, even in warning (permissive) mode, is a good tool for warnings. just an added fence.

EDIT. for anyone with some time (50 minutes approximately) and a wish to learn selinux, here is a nice video tutorial..

https://m.youtube.com/watch?v=_WOKRaM-HI4
Sincere Thanks to VirMach for my VPS9. Also many thanks to Shadow Hosting and cubedata for the experiences I had with their VPSs.


Messages In This Thread
RE: Consequences of disabling SELinux? VPS 9 Phoenix after KVM Upgrade - by rudra - 12-10-2019, 10:15 AM

Possibly Related Threads…
Thread
Author
Replies
Views
Last Post
7,678
09-23-2018, 02:58 PM
Last Post: Kururin

person_pin_circle Users browsing this thread: 1 Guest(s)
Sponsors: VirMach - Host4Fun - CubeData - Evolution-Host - HostDare - Hyper Expert - Shadow Hosting - Bladenode - Hostlease - RackNerd - ReadyDedis - Limitless Hosting