Hi all,
We are (finally) moving our LAMP stack from CentOS 7 to Debian 12. For various compliance reasons we are wanting to use SELinux.
I've uninstalled apparmor and configured a basic working system as per https://wiki.debian.org/SELinux, however I'm finding that many many things are blocked that previously "just worked" out-of-the-box under CentOS 7's 'targeted' policy.
My question is are selinux-basics / selinux-policy-default maintained under Debian 12? Perhaps I'm missing a policy file, as things like `crontab -e` and `certbot ...etc... --preferred-challenges dns-01 --installer apache` and many other items are being blocked.
I'm afraid I'm not an SELinux expert, but I suspect simply running audit2allow on every little step over and over isn't the right way forwards. I thought I'd better check here that I'm not missing something very obvious, like a policy I've not installed or something.
TIA!
We are (finally) moving our LAMP stack from CentOS 7 to Debian 12. For various compliance reasons we are wanting to use SELinux.
I've uninstalled apparmor and configured a basic working system as per https://wiki.debian.org/SELinux, however I'm finding that many many things are blocked that previously "just worked" out-of-the-box under CentOS 7's 'targeted' policy.
My question is are selinux-basics / selinux-policy-default maintained under Debian 12? Perhaps I'm missing a policy file, as things like `crontab -e` and `certbot ...etc... --preferred-challenges dns-01 --installer apache` and many other items are being blocked.
I'm afraid I'm not an SELinux expert, but I suspect simply running audit2allow on every little step over and over isn't the right way forwards. I thought I'd better check here that I'm not missing something very obvious, like a policy I've not installed or something.
TIA!
Statistics: Posted by afterlife — 2024-05-29 09:43 — Replies 0 — Views 41