Re: SELinux

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> |    hand-crafted security policy, caused me to swear off of it.  For
> |    me, given my threat model and how much my time is worth, life is
> |    too short for SELinux.
> 
> And JWZ:
> 
>      http://jwz.livejournal.com/719608.html

And if you have a machine actually plugged into the internet, handling
any untrusted content or with potentialy buggy apps (which is just about
anything that opens an image for example) then its kind of useful.

An awful lot of attacks simply don't work because of SELinux. But it's
your system, one of the things about Free Software is you control the
tradeoffs on your machine not some vendor by diktat.

Myself - I'm prepared to fiddle now and then with SELinux settings on my
box so that its much harder to steal all my email, run off with my credit
card data or just be a nuisance.

Sad to see people made the same argument about firewalls long ago - turn
it off it breaks doom, video streaming, etc. Nowdays anyone suggesting
turning off your firewall or always running as root (saves debugging file
permission problems) would be howled down. It's not alas occurred yet
with SELinux.

As to software which demands you disable security, I always apply common
sense and treat it the same way as if a passing tradesman says "can you
just leave your door unlocked for the weekend"

Alan
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux