[GE users] SE Linux

Gruhn Daniel J Contractor AF/A9IT Daniel.Gruhn.ctr at pentagon.af.mil
Fri Oct 20 17:07:58 BST 2006


Thanks Orion.

I plan to try to work on a policy on my own if no one comes forth with one.
Is it possible that everyone is running SELinux disabled or in permissive
mode?  It doesn't seem likely.

Dan

//SIGNED//
Daniel J.Gruhn, CTR (Group W Inc.)
HQ USAF/A9IT
Studies & Analyses, Assesments and Lessons Learned

 

> -----Original Message-----
> From: Orion Poplawski [mailto:orion at cora.nwra.com] 
> Sent: Friday, October 20, 2006 11:59 AM
> To: users at gridengine.sunsource.net
> Subject: Re: [GE users] SE Linux
> 
> Gruhn Daniel J Contractor AF/A9IT wrote:
> > Greetings everyone,
> >  
> > I am interested in trying to set up a Grid using a cluster running 
> > with SELinux enabled.  I have searched the web and the user group 
> > archives and the only mentions I find are statements of the 
> "...turn 
> > off SELinx..." or "...I have turned off SELinux..." variety.
> >  
> > Has anyone setup Grid Engine with a viable set of SELinux 
> security policies?
> > If so, could I get a copy of any documentation that you have?  I 
> > understand this may be a sensitive subject, so anything 
> anyone feels 
> > comfortable contributing would be greatly appreciated.  Perhaps we 
> > could also get it posted to the HOWTOs or wiki.
> 
> I suspect that you won't have a problem with the targeted 
> policy because the SGE daemon run in the unconfined_t (or 
> initrd_t which is essentially the same) domain.  Currently we 
> run FC5 with SELinux enabled on the clients without trouble.  
> SELinux is permissive on the server, but I don't see any sge 
> related issues in the logs.
> 
> Wonder if anyone is working on a policy for SGE...
> 
> --
> Orion Poplawski
> System Administrator                  303-415-9701 x222
> NWRA/CoRA Division                    FAX: 303-415-9702
> 3380 Mitchell Lane                  orion at cora.nwra.com
> Boulder, CO 80301              http://www.cora.nwra.com
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe at gridengine.sunsource.net
> For additional commands, e-mail: users-help at gridengine.sunsource.net
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe at gridengine.sunsource.net
For additional commands, e-mail: users-help at gridengine.sunsource.net




More information about the gridengine-users mailing list