[CentOS] SELinux - way of the future or good idea but !!!

Marko Vojinovic vvmarko at gmail.com
Sun Nov 28 07:16:53 EST 2010


On Sunday 28 November 2010 11:22:14 Eero Volotinen wrote:
> > You forgot "take on becoming the SELinux integration manager for that
> > project with every single update". I've done that several times now
> 
> In commercial service production, wasted time also costs money.
> 
> I think it is easier/cheaper to use hardware firewalls and idp systems
> to protect servers than fight with selinux on each server.
> 
> SELinux tuning might work at companies with unlimited resources like
> NSA .. or if you run a server at home with unlimited free time to tune
> it up.

This is just FUD. If SELinux yells at you, you have an insecure system, 
period. Deal with that, not with SELinux.

If you deliberately want to keep your system insecure, modify the local SELinux 
policy to allow access. It is enough to do it just once, or at least until you 
reinstall the OS on the machine.

It just takes a minimal investment of time to learn how to interact with 
SELinux. And any serious sysadmin should learn it.

Best, :-)
Marko


