Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
C0D4681385yI like that guy!
Mind you I know enough about selinux to know setenforce 0 is handy when you think selinux is the culprit, but you turn it back on 😏 -
Not sure if this is the actual transcript or it's loosely paraphrased. Either way it would be better to say: "one way to do it is {....} but that brings security issues, I probably would perform a quick search the first time so I would know what to do in the future"
That shows you know a solution, that you care about security and can work without people having to hold your hand. -
Wait, if you had gotten the question wrong, would the interview have ended there?
-
cst199221165yNot sure I agree with the comments here.
If the TI knows his shit, the HRI has no business sticking his nose in the TI's realm.
If I were the hiring manager, I'd seat those two in separate rooms. -
@ctrl-alt-del Disabling the specific SELinux module which is blocking the execution.
-
I disable SELinux as a matter of principle. It causes far more problems than it solves, and is less useful in container workloads anyway.
-
@theKarlisK you mean:
Disable se linux, disable firewall, set web server to run as root, chown everything in web root to root:root. Hacked. -
swappy5725y@ctrl-alt-del : The Best Solution is to go about creating SeLinux Policy which would allow the traffic to take place.
Somewhat like:
https://serverlab.ca/tutorials/... -
No matter what a better answer would be, I find that really refreshing.
Thanks, mate, that really made my day! 😊
Recently had an interview with a company. At some point an SELinux question came up and while I didn't provide the best answer ever (I'm hardly familiar with SELinux and mentioned that as well beforehand so they knew), it was technically correct and the reaction of the interviewers was funny.
TI (technical interviewer): say your php script isn't executed and after a while you find out that SELinux is blocking php script execution, how can you fix that?
Me: setenforce 0...? (essentially disabling SELinux at all)
TI: disabling it entirely for getting php execution to work?! That doesn't sound like a good solu...
HRI (HR (non technical) interviewer, also present): *turns to TI* - but, would it solve the problem?
TI: 😐 well, yes, but... That's a bad thing to do so I wouldn't count is corre..
HRI: *still aiming towards TI* but you simply asked him for a way to solve the php execution issue, would his answer work? Regardless of whether it's the best or worst solution, would it be a solution which works?
TI: well... yes...
HRI: then he answered correctly I'd say, next!
(yes, I'm aware that my answer wasn't good as for security at all but it would have solved that problem which is what was asked)
rant