[CentOS] SELinux - way of the future or good idea but !!!
John R. Dennison
jrd at gerdesas.com
Sat Nov 27 02:01:13 UTC 2010
On Sat, Nov 27, 2010 at 03:29:49AM +0200, Eero Volotinen wrote:
>
> Usually it causes more problems. If you have unlimited resources to tune it up,
> then it possibly helps on the way.
Only if you don't bother to take the time to read any of the
resources I previously provided or any of the other SElinux
resources available on the 'net.
SElinux is not brain surgery; spend some time with the
documentation and you'll be surprised at how easily it all comes
together after a while.
Telling people to disable it is not only foolish but completely
irresponsible; doubly so in a medium that exists to support
users.
If the best avenue was to disable it do you honestly think that
upstream would enable it by default?
This is 2010 - people are expected to actually make an effort at
learning the systems they so casually throw up on the 'net and
to take responsibility for those systems. Every time a box gets
compromised it can pose a risk to the rest of us; please be
mature and responsible enough to make it as difficult as
possible to permit such a compromise in the first place.
John
--
Live a good life. If there are gods and they are just, they will not care
how devout you have been, but will welcome you based on the virtues you
have lived by. If there are gods, but unjust, then you should not want to
worship them. If there are no gods, then you will be gone, but will have
lived a noble life that will live on in the memories of your loved ones.
-- Marcus Aurelius (121-180), philosopher and writer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.centos.org/pipermail/centos/attachments/20101126/89f2c56a/attachment.sig>
More information about the CentOS
mailing list