[CentOS] selinux stuff - I just don't get
peter at farrows.org
Mon Nov 14 14:08:59 UTC 2005
I agree Les,
Selinux just adds bloat that we've managed without for many many years.
Another layer of complexity to allow another layer of
Les Mikesell wrote:
>On Mon, 2005-11-14 at 05:04, Tony wrote:
>>It always amazes me how quick people are to suggest that you just
>>switch selinux off, without balancing the suggestion with an
>>explanation of what they are losing by doing this.
>What you get without it is the well-understood unix permission
>system that served everyone well for several decades. Exploits
>involving buggy code have happened, but If we've learned anything
>along the way it is that adding new and less-tested code to a
>working system doesn't necessarily make it more secure.
>> Would you switch a firewall off because it keeps filling your log
>>files up with packet info? An English expression involving babies and
>>bathwater springs to mind ;-)
>I'd need some reason to think that the firewall code was
>less likely to be exploited than the rest of the system it
>is supposed to be protecting to consider it important.
More information about the CentOS