[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: SELinux survey (was RE: Stupid F7 boot loop)



> I personally have immediately disabled SELinux on any and every box I've
> ever installed for myself, and grind my teeth any time I even see the
> word.

I didn't disable it on the first fedora release it showed up on, and
spent hours after that just trying to gain enough access to my own system
to disable it when I found that basically nothing worked. Ever
since then I not only disable it when installing, but also add
selinux=0 to the kernel options just to be sure :-).
 
> Would any of you out there care to share with me any of your personal
> experiences with SELinux being useful to you (in any way whatsoever), on
> a single-user workstation?

I can't imagine ever having an experience where any form of security
software turned out to be useful, but I do have a theory that explains
selinux in fedora and apparmor in opensuse:

Large numbers of government contracts need you to check a box for
"enhanced security" in order to bid on them, therefore selinux was
born.

If redhat had shipped selinux in enterprise when it was in the condition
it first showed up in fedora, they would have lost every paying
enterprise customer, therefore they needed a large group of suckers
to find all the obvious problems.

That's us :-).

Cross out redhat and selinux and write in suse and apparmor with a
crayon, and the same explanation applies :-).


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]