Re: SELinux - way of the future or good idea but !!!

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

On Tue, Nov 30, 2010 at 10:28 PM, Marko Vojinovic <vvmarko@xxxxxxxxx> wrote:
> On Tuesday 30 November 2010 20:54:37 m.roth@xxxxxxxxx wrote:
>> And about apache... most of those attacks are preventable through
>> defensive configuration and coding for httpd itself. Looking to selinux to
>> protect you is very sloppy.
>
> So a guy in a circus, performing acrobatics on a trapeze doesn't actually ever
> need a safety fishnet below, right? All he needs to do is make sure never to
> slip, or miss to catch the trapeze bar while performing. If he isn't sloppy,
> he will never fall. Simple. ;-)

Historically (although it's gotten better), the SELinux net was
erected by blocking off all the ladders to the trapeze. This is great
for safety of bystanders and keeping the clowns from making the
trapeze slippery with cream pies, but made it hard to actually
entertain the crowd. And entertaining the crowd is what a circus gets
paid for.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux