[CentOS] selinux stuff - I just don't get
Peter Farrow
peter at farrows.org
Mon Nov 14 15:04:53 UTC 2005
I agree 100%. I don't need it to make a system secure.
>and it appears still that your confidence that you can secure systems
>without it gets in the way of any efforts to learn how it may benefit
>you.
Craig White wrote:
>On Mon, 2005-11-14 at 11:18 +0000, Peter Farrow wrote:
>
>
>>We've been here before by the way
>>
>>http://lists.centos.org/pipermail/centos/2005-May/006303.html
>>
>>
>>Peter Farrow wrote:
>>
>>
>>
>>>That's because it's entirely possible to make a system secure without
>>>SELinux, it was only born in CentOS from Version 4.
>>>
>>>While I would never recommend turning off a firewall, I would
>>>recommend turning off SELinux: a firewall doesn't stop stuff on the
>>>box working properly as it ships, SELinux does.
>>>
>>>For example anything that would stop squid running properly out of the
>>>box (as SELinux does) is of limited value, in this instance it's not
>>>required, it gets in the way, it IS easily possible to have a secure
>>>system without SELinux, whereas that is doubtful without a firewall.
>>>Chalk and cheese springs to mind.
>>>
>>>If SELinux is the "baby" in your metaphor, then the best thing to do with
>>>it is hold it under the water until it stops moving....
>>>
>>>For those of us who know how to configure secure systems (and I'm not
>>>suggesting you don't Tony by any stretch) SELinux is additional bloat
>>>I (we) don't really need. It just slows the system down...
>>>
>>>I've never needed it......
>>>
>>>
>>>
>----
>and it appears still that your confidence that you can secure systems
>without it gets in the way of any efforts to learn how it may benefit
>you.
>
>Thanks for the chatter...I know how to turn it off. I am trying to learn
>to live with the beast.
>
>Craig
>
>
>
>