Re: SELinux last straw

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On Thu, 18 Oct 2007, Arthur Pemberton wrote:

On 10/18/07, Les Mikesell <lesmikesell@xxxxxxxxx> wrote:

The place it can hurt is if it causes enough problems that some number
of users don't don't upgrade to the versions that use it or don't do
timely updates because they have a history of introducing new problems.
  This drops your first and best line of defense.

Les, please... this is a public list. Do not spread FUD... there is no
history of SELinux updates causing problems.

[snip]

*raised eyebrows*

Really? You mean it has never rendered *many* systems effectively broken at run level 5 because it broke X after an SELinux update? Glad to know it "never happened". You personally POSTED in a Fedora-List thread on that one:

  "Sorry dude, but join the club, best bet is to downgrade to the
   previous version, and put an except in your yum.conf so yum
   won't upgrade it again." Arthur Pemberton, June 29, 2005 12:16:38 -0400

And it has never caused systems running in *permissive* mode have yum/rpm lockups (June 2007, https://bugzilla.redhat.com/show_bug.cgi?id=245389).

I found 163 'high' or 'urgent' SELinux bugs reported in bugzilla.

Things like "selinux prevents X clients from starting", 'selinux prevents mkinitrd from running properly',' 'SELinux Update Renders Static IP Addressing Unusable', 'policy prevents Dovecot from working', 'policy prevents procmail from being used a as local delivery agent', 'selinux prevents xen hotplug in Fedora 7', 'ypbind cannot run with selinux-policy-targeted', 'mod_jk malfunctions when selinux is enforced', 'ntpd would not start', 'Unable to login using Squirrelmail', 'selinux update breaks spamassassin/procmail', 'selinux breaks prelink', 'dhcpd conflict with selinux', 'selinux blocks swapon when called from /etc/rc.d/rc.sysinit', 'crond doesn't run jobs in /var/spool/cron/root'.


SELinux and its updates have a *LONG* and *ONGOING* history of causing serious, even fatal, system problems (the last one I listed above is only a week old!)

--
Benjamin Franz

"It is moronic to predict without first establishing an error rate
 for a prediction and keeping track of oneâ??s past record of accuracy."
                    -- Nassim Nicholas Taleb, Fooled By Randomness
-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux