[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Another selinux rant



On 1/3/08, Andrew Farris <lordmorgul gmail com> wrote:
> As the policies improve selinux will become hardly more complicated for general
> use as chmod itself is... proper policy + proper label = just works.  Obviously
> both of those need to be in place and are in progress; so disable it when you
> must now but if you just ignore it long term its to your detriment.  Set it
> permissive at minimum and keep the denial log messages for additional security
> review if/when you really need it.  And finally, the ability to disable it is in
> the distro precisely so that you can (so why the rant? you want to be forced to
> enable it instead? you feel everyone should install without it enabled by
> default forever and ever? you feel that selinux should disable itself when you
> get denials that prevent you doing what you want? uhm that won't do).

No, no and no. Dimi raised the issue of gauging the usability of
SELinux, and the only point of my rant was to convey the experience
that led me to disable it.

--Ed


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]