How best get rid of SELinux?

Alan Cox alan at lxorguk.ukuu.org.uk
Fri Sep 21 23:51:50 UTC 2007


> I note you neglected to include and comment on the fact that if a box is 
> taken  it *is* taken and theres not a thing selinux can do shit about it,
> sure selinux might be all dandy for some cluless tart who has nfi about 

For a large number of cases SELinux in the basic setup will stop an
exploit getting from something like core dumping the web server to
executing arbitary code. Thats a big help.

There are also cases it won't help you. It really comes into its own when
you do custom setups for highly secure systems but that isn't a shippable
generic policy and most users would certainly hate such a locked down box.

> securing their pc and is directly connected to the net, but to large 
> ISP's its a complete hinderance and nuisance, but since we have ceased use 

I know several large ISP's who use SELinux extensively.

> of all RH products as servers as at EOL of RH9 (the last decent RH 
> released product) and moved them all to slackware, we dont have any 
> problem, tried earlier fedoras, but that was never going to last with so 
> little update maintenance time frames and instability and unreliability 

Fedora isn't really intended for back end highly reliable boring server
jobs, thats RHEL, Centos, SLES etc. Its intended to be current, usable
and dynamic.

If you like slackware, use it. If you don't like Fedora nobody is making
you run it or sit on the list.




More information about the fedora-list mailing list