selinux stuff - I just don't get -- "outgoing firewalls are broken"




On Mon, 2005-11-14 at 11:41, Bryan J. Smith wrote:

> The reality is that with SELinux, we don't trust software
> _until_ they are explicitly allowed to access things.  Modes
> like "permissive" use the opposite of that logic, and are more
> compatible.
> 
> Just like deny all outgoing firewalls block _all_ outbound
> traffic, _until_ they are explicitly allowed.  And why most
> people just enable allow all outgoing (including every single
> SOHO device you'll find at the superstore).
> 
> Do you understand now?

I think the point you are both making is that you can't use
either of these tools unless you have someone with not much
else to do but baby-sit them or you can get along without the
services they deny (and that you may not know about yet).

-- 
   Les Mikesell
    lesmikesell@xxxxxxxxx


