On June 21, 2020 12:17:07 PM AKDT, Alain D D Williams addw@phcomp.co.uk wrote:
On Sun, Jun 21, 2020 at 08:06:40PM +0000, Jason Long wrote:
Hello,I want to install Apache, MySQL and PHP on CentOS 8, but I
don't like to disable SELinux. I know that SELinux maybe cause some problems
Yes. SELinux is supposed to cause problems for unauthorized intrusion, unnecessary privilege elevation, etc.
At the same time, there's something a little bit too formulaic, "corporate" perhaps, about the question as posted. It's a LAMP stack. The SELinux policies really need to "just work" out of the box for the end user // installer // webmaster without any additional configuration.
The CentOS distribution maintainers, developers, and software packagers, https://ius.io/ etc. need to make it work somehow. There are far too many convenient excuses why the security enhancements of SELinux are not working out of the box in this day and age of botnets, spyware, Bitcoin miners, Unsolicited Commercial Email, etc.
My current website // email is to the best of my knowledge hosted on OpenVZ paravirtualization at a commercial hosting provider, and OpenVZ does not appear to be compatible with SELinux, although I have not researched the precise technicalities.