[CentOS] selinux stuff - I just don't get

Peter Farrow peter at farrows.org
Mon Nov 14 15:04:53 UTC 2005


I agree 100%. I don't need it to make a system secure.

>and it appears still that your confidence that you can secure systems
>without it gets in the way of any efforts to learn how it may benefit
>you.

Craig White wrote:

>On Mon, 2005-11-14 at 11:18 +0000, Peter Farrow wrote:
>
>>We've been here before by the way
>>
>>http://lists.centos.org/pipermail/centos/2005-May/006303.html
>>
>>
>>Peter Farrow wrote:
>>
>>
>>>That's because it's entirely possible to make a system secure without 
>>>Selinux, it was only born in Centos from Version 4.
>>>
>>>While I would never recommend turning off a firewall, I would 
>>>recommend turning off Selinux:  a firewall doesn't stop stuff on the 
>>>box working properly as it ships, Selinux does.
>>>
>>>For example anything that would stop squid running properly out of the 
>>>box (as Selinux does) is of limited value, in this instance it's not 
>>>required, it gets in the way, it IS easily possible to have a secure 
>>>system without Selinux, whereas that is doubtful without a firewall.  
>>>Chalk and cheese springs to mind.
>>>
>>>If Selinux is the "baby" in your metaphor, then the best thing to do with 
>>>it is hold it under the water until it stops moving....
>>>
>>>For those of us who know how to configure secure systems (and I'm not 
>>>suggesting you don't Tony by any stretch) Selinux is additional bloat 
>>>I (we) don't really need.  It just slows the system down...
>>>
>>>I've never needed it......
>>>
>----
>and it appears still that your confidence that you can secure systems
>without it gets in the way of any efforts to learn how it may benefit
>you.
>
>Thanks for the chatter...I know how to turn it off. I am trying to learn
>to live with the beast.
>
>Craig
>
