Re: selinux??


 



On 01/24/2016 07:17 PM, Tim wrote:
> I have, unfortunately.  And I see a lot of people who do on this list or
> forums.  You can recognise them by the ones that when either dealing
> with a problem, or installing a system, the first things they do are
> turn off SELinux and firewalls.

Back when I did tech support for an ISP, I got a call from a man who wanted to know if he could host a webpage on the Internet using the Windows Personal Webserver. I quickly realized that if he had to ask, he probably didn't know enough to do it safely, so I tried to warn him about the risks. He stopped me and said that he was willing to find out the hard way and reinstall if he had to, so I told him that what he wanted to do was possible and ended the call. I've wondered, a few times, how badly he got infected and just how hard "learning the hard way" turned out to be, but I've always considered it a case of evolution in everyday life.

Putting a Linux box on the net with the firewall and SELinux disabled is just as bad. I've seen all too many posters, here and elsewhere, who automatically disable SELinux because there were problems and performance hits associated with it when it first came out eighteen years ago, and I never argue with them or try to get them to move into the 21st Century. Not only is it a waste of my time, I figure that if they're that unwilling to learn, they're just getting what they deserve.

The point here is that SELinux wouldn't have been developed and wouldn't have stuck around as long as it has if it didn't serve an important purpose. Unless you're sure that you know exactly what you're doing, don't mess with it. And, if the troubleshooter shows you how to create a custom policy to work around an alert, ask yourself if you really need this program working before continuing. Working around a glitch in Firefox is one thing; getting a game to work may or may not be worth the trade-off in security. Sorry to go on so long, but once I started, I found that I had more to say than I'd thought.
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org


