[CentOS] SELinux - way of the future or good idea but !!!
Marko Vojinovic
vvmarko at gmail.com
Sun Nov 28 12:16:53 UTC 2010
On Sunday 28 November 2010 11:22:14 Eero Volotinen wrote:
> > You forgot "take on becoming the SELinux integration manager for that
> > project with every single update". I've done that several times now
>
> In commercial service production, wasted time also costs money.
>
> I think it is easier/cheaper to use hardware firewalls and idp systems
> to protect servers than fight with selinux on each server.
>
> SELinux tuning might work on companies with unlimited resources like
> NSA .. or if you run server at home with unlimited free time to tune
> it up.
This is just FUD. If SELinux yells at you, you have an insecure system,
period. Deal with that, not with SELinux.
If you deliberately want to keep your system insecure, modify local SELinux
policy to allow access. It is enough to do it just once, or at least until you
reinstall the OS on the machine.
It just takes a minimal investment of time to learn how to interact with
SELinux. And any serious sysadmin should learn it.
Best, :-)
Marko
More information about the CentOS
mailing list