[CentOS] selinux stuff - I just don't get -- broad arguments = yet another meta-discussion (YAMD)

Bryan J. Smith thebs413 at earthlink.net
Mon Nov 14 11:56:41 UTC 2005


Peter Farrow <peter at farrows.org> wrote:
> Additionally, if loads of people say "turn it off" doesn't
> that tell you something about it....
> the writing is on the wall  ;-)

Just like "deny all _outgoing_" firewalls?  I mean, they do
the same thing, get rid of having to deal with outgoing
Internet incompatibilities.

Result?
Oh I don't know, how about stuff like the Half-Life 2 code on
the Internet?

Locking down just _outgoing_ layer-3/4 access is difficult
enough that many companies don't do that either.  And that's
just layer-3/4, we're not talking application-level!

And that's just -- to use your example -- a "firewall." 
Saying "firewall" is like saying "3D accelerator."

SELinux is just another filter, done at the OS to prevent
application access to where it should not -- _or_ require
applications to be properly set up for select access.

It's a PITA, but when you need it, it's worth it.
If you don't, turn it off, by all means!

The only writing on the wall is that companies Sun is
actually making other UNIX flavors, such as Solaris,
attractive versus Linux again.  God knows many of us left
Solaris for Linux years ago, yet Solaris 10 is making many of
us rethink that move.

If people like yourself get your way, I'll have no choice.


-- 
Bryan J. Smith                | Sent from Yahoo Mail
mailto:b.j.smith at ieee.org     |  (please excuse any
http://thebs413.blogspot.com/ |   missing headers)


