Security Enhanced Linux (SELinux) is a technology that extends the basic access control mechanisms of the Unix model (file ownership, file access permission modes and a general exception for "root") with an additional layer of so-called mandatory access controls controlled by detailed access policies.
In most Linux distributions that include SELinux, potentially vulnerable daemons such as web servers are confined by policy allowing them only the minimal access required to perform their functions. This means that even a subverted daemon is limited in the amount of damage that it can do to the system.
SELinux is shipped with many Linux distributions, including Red Hat Enterprise Linux, CentOS, Fedora and Debian Etch. In RHEL and CentOS distributions, it is enabled in an "enforcing" mode by default.
At the present time, we do not support the SP in conjunction with SELinux, and at minimum we know that communication between the mod_shib and shibd components will fail if it's enabled. Other problems may also occur. We therefore suggest that SELinux be left disabled or in permissive mode during any initial setup or testing, and we don't officially support the SP's use with it enabled.
There had been some intention to work on building policy modules for use with Shibboleth 2.x, but the interest in this waned as SELinux adoption lagged and there are no developers on the project with the necessary expertise. We welcome assistance from the community, but it would require a commitment to maintain such a deliverable as new releases are done.
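In permissive mode SELinux records denials in the audit log without enforcing them, so the log shows what enforcing mode would block. The following is an added example, not Shibboleth project code: it summarizes AVC denial records for the SP's two processes. The process names `httpd` and `shibd`, the socket and file paths, and the SELinux types in the sample records are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample records; paths, PIDs and SELinux types are assumptions.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1711699871.821:101): avc:  denied  { connectto } for  pid=2101 comm="httpd" path="/run/example/shibd.sock" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=unix_stream_socket permissive=1
type=AVC msg=audit(1711699872.004:102): avc:  denied  { connectto } for  pid=2102 comm="httpd" path="/run/example/shibd.sock" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=unix_stream_socket permissive=1
type=AVC msg=audit(1711699873.310:103): avc:  denied  { read write } for  pid=1990 comm="shibd" name="example.log" scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=0
type=AVC msg=audit(1711699874.500:104): avc:  denied  { getattr } for  pid=3000 comm="sshd" path="/etc/example" scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1711699874.500:104): arch=c000003e syscall=4 success=yes comm="sshd"
"""

DENIED = re.compile(r"avc:\s+denied\s+\{\s*([^}]*?)\s*\}")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for one AVC denial record, or None for any other line."""
    m = DENIED.search(line)
    if not line.startswith("type=AVC") or not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
    flag = fields.get("permissive")  # field is absent on older kernels
    return {
        "comm": fields.get("comm", "?"),
        "source": fields.get("scontext", ":::").split(":")[2],  # type part
        "target": fields.get("tcontext", ":::").split(":")[2],
        "tclass": fields.get("tclass", "?"),
        "perms": tuple(m.group(1).split()),
        # True = enforced, False = logged only, None = record does not say
        "blocked": None if flag is None else flag == "0",
    }

def summarize(log_text, comms=("httpd", "shibd")):
    """Count denials per distinct access rule for the given process names."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec and rec["comm"] in comms:
            counts[tuple(rec.values())] += 1
    return counts

if __name__ == "__main__":
    states = {True: "BLOCKED", False: "logged only", None: "unknown"}
    for (comm, src, tgt, tclass, perms, blocked), n in summarize(SAMPLE_AUDIT_LOG).items():
        print(f"{n}x {comm}: {src} -> {tgt} {tclass} {{{' '.join(perms)}}} [{states[blocked]}]")
```
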
Outside documentation that unofficially describes ways to use them together includes: