Fight for the Internet 1!

Saturday, August 22, 2015

SSHD and Selinux

In Summary: Turn off SELinux. ALWAYS.

Sorry for the huge text, I just spent an hour in Fedora trying to get my firewall to allow SSHD to operate. No matter what I did, it would not work. Finally I disabled the firewall completely for debugging purposes, but it still wouldn't work! The error messages were no help!

Then, after raging at the machine for an hour, it dawned on me. This was a fresh install of Fedora. I hadn't disabled SELinux.

I can't believe how many times SELinux has bitten me in the ass. It never seems to work for anything good, but always hinder people. I consider myself a very advanced Linux User and I find it overly cumbersome. There needs to be a less.... ogre-like system put in place by default, like Ubuntu's Apper. That never got in my way BUT EVERY FLIPPING TIME SELinux has got in my way.

On systems with SELinux disabled, the SELINUX=disabled option is configured in /etc/selinux/config:
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - No SELinux policy is loaded.

Go do this now. You will thank yourself. I've never heard of SELinux benefitting the average user. Ever. Ever ever ever. I'm sure someone in a corporate environment has had luck though, but they have someone on retainer there to babysit this monstrousity. And I pity that person.