Re: Virtual Host Apache Limitations

[Benjamin Franz <snowhare nihongo org>]

On Thu, 21 Jul 2005, Ed Wilts wrote:

> On Thu, Jul 21, 2005 at 10:41:33AM +0300, Jussi Silvennoinen wrote:
> > > Better to learn to deal with selinux: it's there to protect your job.
>
> Exactly.
>
> > I find selinux nothing but trouble. I especially enjoyed finding out it
> > prevents grub from installing our blades. Our kickstart started disabling
> > selinux soon after that.
>
> Do you let everybody sign on as root too? It sure works around those
> file permission issues!

When SELinux quits getting 'fixed' every other week with new and 
interesting breakages, we'll consider using it. Right now it is _far_ from 
'ready for primetime'. It _does not_ 'protect my job' to let RH cause a 
working server to stop working after Yet Another SE Policy Update. The 
damn thing is unstable as deployed and potentially lethal to system 
operation. While that is fine for FC - it is _not_ 'fine' for production 
servers.

It is the 'auditd' fiasco all over again. Sounds great in theory - but not 
when you start having systems crash because RH didn't get the 
configuration right before pumping it into production.

Right _now_ SELinux is a greater threat to system stability than the holes 
it is trying to plug.

--
Benjamin Franz

Simple things should be simple, complex things should be possible.
                                         - Alan Kay