
Re: Selinux



Tom Horsley wrote:
>
> OK, I can turn off selinux, and not get any of these errors, or
> I can leave selinux on, get errors, look at the troubleshoot report,
> and follow the instructions to enable the program that had problems
> to go ahead and do whatever nasty things selinux detected. All without
> doing the kind of massive code review required to prove that the nasty
> things are actually harmless in this particular program's case.
>
> So why isn't it much simpler and less trouble to just turn off
> selinux in the first place? I get the same level of security in the
> end, and much less hassle in the meantime :-).
>
>   
Of course that isn't quite true.  What you would have done is made the
decision to trust a single program.  You haven't disabled the various
selinux protection schemes for other components.  In other words, you've
handed out a set of keys.  You've not unlocked and opened all the doors
and all the windows and turned off the alarm system.




