Re: Odd failure of smbd to start from init.d - CentOS 5.4 - it's that fine SELinux

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



> The *theoretical* system security improvement of SELinux is trumped by 
> the *practical* observation that I have had existing systems broken by 
> SELinux multiple times on the mere handful of systems I have run it on 
> in enforcing mode,  but have yet to see a single one of several dozen 
> (all internet exposed) up-to-date *non*-SELinux systems hacked.
> 
> It is a 'safety' feature that is in practice more dangerous to system 
> stability than what it is trying to fix. It is like having air bags in 
> your car that go off at random times while you are driving: It is NOT 
> acceptable behavior.
 
 Under CentOS 5.5, and I presume RHEL5.5 too, there is a small improvement
 in the shape of setroubleshoot-server, it at least gives you improved
 troubleshooting capabilities.

 Not that it helps when you upgrade a 5.4 machine to 5.5 and you get no
 selinux logging whatsoever because setroubleshoot-server wasn't installed
 during the upgrade. Note to self, need to add it to the minimal-kickstart
 configurations.



---------------------------------------------------------------
This message and any attachments may contain Cypress (or its
subsidiaries) confidential information. If it has been received
in error, please advise the sender and immediately delete this
message.
---------------------------------------------------------------

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux