Any chance of seeing SELinux enabled? Big security win here.
I agree. Can someone try and enable SELinux manually on Rockstor and report back their results, recommendations etc…? That would help speed things up.
I will do this soon. It means editing
then rebooting. Keep console access because if something goes wrong you want to change it back or run
Would you not be better sticking it in Permissive mode and checking all the AVC logging?
Not really no, you need it in enforcing mode to create a policy. Permissive mode will show avcs that would not happen in enforcing mode.
what about this Security Hardening (SELinux)
By doing this, does it break the support ?