On Thu, 2004-10-07 at 08:41 -0700, Nathan Grennan wrote: > I think overall it what it comes down to is that SELinux micro-manages > security way too much. SELinux's level of security might be suitable in > some situations, but will be too much of a burden in most situations. > Not to put SELinux in bad company, but the level of security provided by SELinux is very similar to what is provided by the Windows NT/XP security system and that doesn't seem to bother people too much. Of course, MS essentially turns it off to prevent that! I think the crux of this thread is that there are likely to be cases (especially short-term) where SELinux poses a burden. While some of these cases may be reasonably common (hosting customers FTP-ing up files, etc), I really don't think they justify disabling SELinux as a whole out-of-the-box. If RH was to do that, they might as well stop spending any time developing SELinux and all of us Fedora users might as well stick with the standard UNIX security system. If you find that SELinux doesn't work in your environment due to various reasons, it is quite easy to disable it though a much better alternative would be to work with the RH folks to get it to work properly in your environment. And don't forget - that may mean changing some of YOUR practices to make it work. -- David Hollis <dhollis@xxxxxxxxxxxxxx>
