selinux stuff - I just don't get -- broad arguments = yet another meta-discussion (YAMD)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Peter Farrow <peter@xxxxxxxxxxx> wrote:
> Additionally, if loads of people say "turn it off" doesn't
> that tell you something about it....
> the writing is on the wall  ;-)

Just like "deny all _outgoing_" firewalls?  I mean, they do
the same thing, get rid of having to deal with outgoing
Internet incompatibilities.

Result?
Oh I don't know, how about stuff like the Half-Life 2 code on
the Internet?

Locking down just _outgoing_ layer-3/4 access is difficult
enough that many companies don't do that either.  And that's
just layer-3/4, we're not talking application-level!

And that's just -- to use your example -- a "firewall." 
Saying "firewall" is like saying "3D accelerator."

SELinux is just another filter, done at the OS to prevent
application access to where it should not -- _or_ require
applications to be properly setup for select access.

It's a PITA, but when you need it, it's worth it.
If you don't, turn it off, by all means!

The only writing on the wall is that companies Sun is
actually making other UNIX flavors, such as Solaris,
attractive versus Linux again.  God knows many of us left
Solaris for Linux years ago, yet Solaris 10 is making many of
us rethink that move.

If people like yourself get your way, I'll have no choice.


-- 
Bryan J. Smith                | Sent from Yahoo Mail
mailto:b.j.smith@xxxxxxxx     |  (please excuse any
http://thebs413.blogspot.com/ |   missing headers)

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux