Re: Proposal: ReadOnlyDirectories /etc and /usr for network-services

On Thu, Jul 25, 2013 at 6:36 PM, Reindl Harald <h.reindl@xxxxxxxxxxxxx> wrote:
> if you are able to marry pure-ftpd, samba and 250 cms-installations predictable
> on a machine running also *self developed* management-software for a complete
> infrastructure on 20 Fedora servers with SELinux go ahead :-)
>
> been there done that and it makes things so secure that they are completely
> unusable because you are searching all day long for problems access denied
> here and there

That can happen with SELinux when the application does something
unanticipated by the policy writers.  It can also happen just the same
with ReadOnly Directories, for just the same reason, can't it?

I suppose there may be a difference in how often that happens - "/usr is
read only" is a fairly well-targeted heuristic, OTOH "/usr is read
only" also leaves a large part of the system completely unprotected.
     Mirek
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel




