Layer7 API Management

  • 1.  SE linux

    Posted Nov 26, 2019 11:29 AM

    Hello

    The standard installation of Red Hat Linux configures Security Enhanced (SE) mode on by default, whereas the Red Hat version included within the appliance version of the gateway has SE mode turned off.

    To help with a debate about whether to enable it or not, I'd be interested in hearing from the community whether they have enabled it or not, and the reasoning either way.

    If you have enabled it, what issues have arisen, if any?

    Thanks!



    ------------------------------
    Platform Owner
    TalkTalk PLC
    ------------------------------


  • 2.  RE: SE linux
    Best Answer

    Broadcom Employee
    Posted Nov 27, 2019 01:34 PM
    Edited by Christopher Hackett Dec 02, 2019 12:52 PM
    When I enabled it during the dev effort for Gateway Version 4.6 and 5.0, in approximately 2010, the way we'd built the firewall management via standard Unix methodologies (i.e. sudo and configuration files written in user space) conflicted with a best-practices standard that one of our intelligence community customers had.

    If you turn on SE Linux, the files are not labelled correctly. It won't start correctly. It also won't correctly open the network ports post gateway process startup due to the sudo methodologies. 

    If you have a standard internally to use SELinux, I suggest you use the software form factor that doesn't attempt many of the appliance mode things.

    ------------------------------
    Jay Thorne, Architect