[CentOS] SELinux - way of the future or good idea but !!!

John R. Dennison jrd at gerdesas.com
Fri Nov 26 21:01:13 EST 2010


On Sat, Nov 27, 2010 at 03:29:49AM +0200, Eero Volotinen wrote:
> 
> Usually it causes more problems. If you have unlimited resources to tune it up,
> then it possibly helps on the way.

	Only if you don't bother to take the time to read any of the
	resources I previously provided or any of the other SElinux
	resources available on the 'net.

	SElinux is not brain surgery; spend some time with the
	documentation and you'll be surprised at how easily it all comes
	together after a while.

	Telling people to disable it is not only foolish but completely
	irresponsible; doubly so in a medium that exists to support
	users.
	
	If the best avenue was to disable it do you honestly think that
	upstream would enable it by default?

	This is 2010 - people are expected to actually make an effort at
	learning the systems they so casually throw up on the 'net and
	to take responsibility for those systems.  Every time a box gets
	compromised it can pose a risk to the rest of us; please be
	mature and responsible enough to make it as difficult as
	possible to permit such a compromise in the first place.




							John
-- 
Live a good life.  If there are gods and they are just, they will not care
how devout you have been, but will welcome you based on the virtues you
have lived by.  If there are gods, but unjust, then you should not want to
worship them.  If there are no gods, then you will be gone, but will have
lived a noble life that will live on in the memories of your loved ones.

-- Marcus Aurelius (121-180), philosopher and writer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.centos.org/pipermail/centos/attachments/20101126/89f2c56a/attachment.bin 


More information about the CentOS mailing list