Martín Marqués <martin.marques@xxxxxxxxx> wrote:
> I reinstalled (better hardware) a server and had selinux enabled (was
> disabled before), and I'm starting to see why so many people don't use
> selinux.
>
> My question is, how many people are using selinux?

SELinux is a mighty thing, but it's way too complex. It's missing proper tools to manage it, and it's also not very well documented.

I used SELinux for years, but even for their own distribution, the Fedora people never managed to maintain a SELinux policy that just works with their own services. Yes, all problems got fixed with updates of the SELinux policy packages sooner or later, but until these updates were released, for every problem I spent a lot of time finding workarounds so that I could use my computer again (thanks to Red Hat's Bugzilla and all the other Fedora users with the same problems).

SELinux on Fedora works okay if you use your computer as an end-user workstation with the minimum of local services. But on such a system, SELinux doesn't have much to do. As soon as you enable services shipped with Fedora or even try to install your own ones, you'll get into trouble eventually.

Yes, there are tools to scan SELinux log files and create exceptions, but I ended up with hundreds of exceptions. And to be honest, I don't understand what they do exactly. I cannot trust SELinux any longer. That doesn't give me any additional security.

SELinux has wasted too much time of my life over the years, so I decided to no longer use it. I keep my computers up to date and configure them properly. If that isn't enough, bad luck.

SELinux is a nice concept, but for me it has failed because it's not really usable.

Greetings, Andreas