[CentOS] SELinux - way of the future or good idea but !!!

Les Mikesell lesmikesell at gmail.com
Tue Dec 7 23:29:44 UTC 2010


On 12/7/10 1:45 PM, Marko Vojinovic wrote:
>
> And it isn't really rocket science. It's just an extension to the existing
> classical permissions system --- it works in an analogous way, just with greater
> flexibility and power. If you know how to understand and use file permissions,
> you will easily grasp all about SELinux.

No, it doesn't have much in common with the standard uid/gid based permissioning 
system.

> 5) disable SELinux and be ignorant about security.
>
> If you choose 5), feel free to also disable iptables, log in as root all the
> time, and make sure that the root password is clearly visible on the company
> website. Why bother with all that stuff, anyway? ;-)

I think you've missed the point that 'all that stuff' (being traditional Unix
security mechanisms) are not all that insecure. It is only when you get them
wrong that you need to fall back on SELinux as a safety net. And if you can't
get the simple version right, how can you hope to do it right with something
wildly more complicated?

-- 
   Les Mikesell
    lesmikesell at gmail.com


