[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Selinux



Tom Horsley wrote:
So why isn't it much simpler and less trouble to just turn off
selinux in the first place? I get the same level of security in the
end, and much less hassle in the meantime :-).

(Some days I feel like I should start the Linux Curmudgeon blog,
but there is probably one out there already - I haven't looked).
I think that there's little doubt that selinux is a good idea. But it's only been recently that it worked well enough for me to actually leave it on, and even now I get AVC denial messages for stuff Fedora itself installs (got a few the other day when starting firefox on a *freshly upgraded* FC10 system.

This does strike me as a little sloppy. If Fedora installs it, shouldn't Fedora set selinux to allow it? Maybe I'm missing something...

I dunno. Selinux has always struck me like a car alarm that gives you thirty seconds to enter in a 100 digit code. Faced with that, it's no wonder people shut it down.

--Russell


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]