Re: SELinux - way of the future or good idea but !!!

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

On 11/29/10 8:10 PM, Christopher Chan wrote:
>
>> Yes, if you are concerned about security of certain files it is indeed a
>> good idea to run software you don't trust elsewhere.  And if the problem
>> is not trusting software, why are you putting blind faith in the SELinux
>> code?
>
> Oh certainly. That is why there is a separate SELinux user context for
> apache too.
> Blind faith in SELinux code? Hey, let's not run anything at all then.
> SELinux provides an extra layer of security to use against exploits that may
> go beyond what we can do with the usual posix provisions. I do not see why
> you have a problem with it.

Not so much a problem - I'm just saying that you should do the simple things 
that have always worked first, then add SELinux if you want.

-- 
   Les Mikesell
     lesmikesell@xxxxxxxxx
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux