On 20/09/2011 3:57 PM, Martín Marqués wrote: > 2 > I spoke with someone who works in HP (system administration) that told > me they have SELinux disabled on the servers, as the overhead in > administration is to high. > > I'd like to believe my problem is due to lack of selinux configuration > knowledge, and not that it's useless. It`s not that it`s useless. It`s that in the *real world*, getting the immensely-complicated policy machinery correct is next-to-impossible. And by correct, I mean ``provides security, and never causes unwanted failures of applications``. SELinux is extremely ornate, and even after all these years, you end up running up against not-quite-right policy databases that cause you grief. Once you`ve done a few of those, the temptation is to turn it off. A properly-configured Linux server, even without SELinux, but with other security features like firewalling turned on, is likely secure-enough in many environments. -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
