Re: SELinux - way of the future or good idea but !!!




On 27/11/10 18:57, Benjamin Franz wrote:
> On 11/26/2010 05:17 PM, Patrick Lists wrote:
>>
>> What's with people recommending to turn off SELinux?! That's just bad
>> advice and like recommending people keep their doors unlocked at all
>> times. Really, stop doing that. SELinux is there for a reason.
>
> SELinux is like an automatic collision avoidance system for an airplane
> that unpredictably crashes the plane during normal flight. While the
> basic idea is good, until it stops crashing planes without warning it
> isn't going to be accepted.
>
> It is not enough that it mitigates certain classes of attacks when it
> actively breaks running systems *more often* than it mitigates attacks.
> And that is my personal experience. Every year or two I try turning it
> on on a few systems. And then, after it suddenly decides to break a
> previously stable system - it gets turned back off.
>

This is where, as a sysadmin, you need to invest just a little time and 
effort learning the system. Honestly, the vast majority of issues are 
trivial to solve if you just spend a few hours reading the docs/guides, 
and even if you really can't be bothered there are kind folks on this 
list (and others) that will likely solve your issues for you. How is 
that not worth the extra security SELinux affords?

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

