SELinux survey (was RE: Stupid F7 boot loop)

[Tim]

On Wed, 2007-08-29 at 12:02 -0600, Karl Larsen wrote:
>     Once about Fedora Core 4 I noticed Selinux was there and I turned
> it on. I began to have odd problems. Things stopped working. I
> discovered how to turn it off and all problems stopped.
> 
>     Since then I always turn it off during installation. Right after I
> refuse to give Grub a password :-) 

This is really akin to:  Yesterday I found it very hard to unlock my
front door with the key, so now I never lock the door.

I leave SELinux on.  I've modified a few things where necessary.  If a
package update has caused a SELinux problem, I tend to err on reverting
to the prior version, until the fault is fixed.  About the only time I
turn it off is to test something.

I do use a GRUB password.  I've set my system so that you can boot Linux
without it, but you can't change parameters, or boot my computer without
Linux (the boot sequence only include the hard drive, there's a password
locked entry in grub.conf to boot from a floppy).  Naturally, you'll
need a password to log into Linux, all that anyone else can do is reboot
or shutdown from the login screen.  It'll stop shenanigans from
nuisances, anyone who wants to cause me problems will have to open the
box and reset the BIOS settings, or swap hard drives.  That's not
something you can do easily, quickly, or without being noticed.

-- 
[tim at bigblack ~]$ uname -ipr
2.6.22.1-41.fc7 i686 i386

Using FC 4, 5, 6 & 7, plus CentOS 5.  Today, it's FC7.

Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.