# A question about SELinux

## tramshed

Is it viable for a general server yet? I.e., one that runs a few game servers, lighttpd, etc. Or is it still tricky as hell to set up without screwing up the point of it?

----------

## vaxbrat

It's been a while since I've tried to mess with it. Even on RHEL5 installs, I end up either throwing it in permissive mode or disabling it entirely since the bundled reference policy screws up the ability to have Samba work with Active Directory. I never did try anything with targeted policy mode on Gentoo, so maybe it would be useful to secure isolated stovepipes on an install.

Maybe one day I'll have a requirement to do something with multi-level security (not common need to know) and will have the charge numbers at work to take a good long look at it again.

----------

## The Doctor

Last time I tried to use it I found it to be extremely difficult to use. I wound up getting rid of it and nuking my OS in the process (OK, that was probably my fault).

You may want to look at grsecurity. It does much the same thing, but is much, much easier to use. http://www.gentoo.org/proj/en/hardened/

----------

## dE_logics

It's basically a kernel-level sandbox, and it is extremely useful and highly configurable compared to AppArmor and grsecurity (from what I have heard).

It's the top choice for the best levels of security for all applications, whether it be desktop or any kind of server.

As a result, Portage is filled with SELinux policies, and one for Apache too:

sec-policy/selinux-apache

----------

## Sven Vermeulen

It's not tricky... just a level up from the regular Linux permissions ;) Make sure you follow the Gentoo Hardened SELinux handbook though, it's not just a matter of enabling a few options in the Linux kernel. I'm also writing a tutorial series to learn SELinux in a step-by-step manner.

----------

