[CentOS] selinux stuff - I just don't get

Craig White craigwhite at azapple.com
Mon Nov 14 14:32:09 UTC 2005


On Mon, 2005-11-14 at 11:18 +0000, Peter Farrow wrote:
> We've been here before by the way
> 
> http://lists.centos.org/pipermail/centos/2005-May/006303.html
> 
> 
> Peter Farrow wrote:
> 
> > That's because it's entirely possible to make a system secure without
> > SELinux, it was only born in CentOS from Version 4.
> >
> > While I would never recommend turning off a firewall, I would
> > recommend turning off SELinux: a firewall doesn't stop stuff on the
> > box working properly as it ships, SELinux does.
> >
> > For example anything that would stop squid running properly out of the
> > box (as SELinux does) is of limited value, in this instance it's not
> > required, it gets in the way, it IS easily possible to have a secure
> > system without SELinux, whereas that is doubtful without a firewall.
> > Chalk and cheese springs to mind.
> >
> > If SELinux is the "baby" in your metaphor, then the best thing to do with
> > it is hold it under the water until it stops moving....
> >
> > For those of us who know how to configure secure systems (and I'm not
> > suggesting you don't Tony by any stretch) SELinux is additional bloat
> > I (we) don't really need.  It just slows the system down...
> >
> > I've never needed it......
> >
----
and it appears still that your confidence that you can secure systems
without it gets in the way of any efforts to learn how it may benefit
you.

Thanks for the chatter...I know how to turn it off. I am trying to learn
to live with the beast.

Craig

