Re: SELinux - way of the future or good idea but !!!




On 12/7/10 1:45 PM, Marko Vojinovic wrote:
>
> And it isn't really rocket science. It's just an extension to the existing
> classical permissions system --- it works in an analogous way, just with greater
> flexibility and power. If you know how to understand and use file permissions,
> you will easily grasp all about SELinux.

No, it doesn't have much in common with the standard uid/gid based permissioning 
system.

> 5) disable SELinux and be ignorant about security.
>
> If you choose 5), feel free to also disable iptables, log in as root all the
> time, and make sure that the root password is clearly visible on the company
> website. Why bother with all that stuff, anyway? ;-)

I think you've missed the point that 'all that stuff' (being traditional unix 
security mechanisms) are not all that insecure.  It is only when you get them 
wrong that you need to fall back on selinux as a safety net.   And if you can't 
get the simple version right, how can you hope to do it right with something 
wildly more complicated?

-- 
   Les Mikesell
    lesmikesell@xxxxxxxxx
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

