[CentOS] SELinux threads, cynicism, one-upmanship, etc.
heinlein at madboa.com
Thu Nov 17 16:32:51 UTC 2005
On Thu, 17 Nov 2005, Lamar Owen wrote:
> What is on-topic is the simple fact that CentOS ships with SELinux
> on by default; this is the way things are, whether you or I like it
> or not. I happen to like it; YMMV. I quite strongly disagree that
> the answer to SELinux problems should be 'turn it off' as this is
> the lazy way out.
That's a bit too declarative for my taste. It certainly could be the
lazy way out -- or it could be a sysadmin asking the honest question:
is it worth more to my organization *now* for me to spend X hours
figuring out SELinux policies or to spend those hours on a different
You and Lee both have valid points, and I appreciate the discussion.
I'd be hard-pressed, however, to deride the admin who chose to install
SELinux in permissive mode because s/he made an honest assessment that
the time was better spent elsewhere.
It could be laziness. It could be priorities. From the cheap seats,
that assessment isn't mine to make.
As for the machines under my care, most work fine in targeted mode.
For now, those few that don't get the permissive treatment because,
frankly, I don't have the luxury of telling my executive staff that
their priorities need to wait while I solve SELinux policy issues.
Paul Heinlein <> heinlein at madboa.com <> www.madboa.com
More information about the CentOS