[CentOS] SELinux - way of the future or good idea but !!!

Les Mikesell lesmikesell at gmail.com
Mon Nov 29 21:35:44 EST 2010


On 11/29/10 8:10 PM, Christopher Chan wrote:
>
>> Yes, if you are concerned about security of certain files it is indeed a
>> good idea to run software you don't trust elsewhere.  And if the problem
>> is not trusting software, why are you putting blind faith in the SELinux
>> code?
>
> Oh certainly. That is why there is a separate SELinux user context for
> apache too.
> Blind faith in SELinux code? Hey, let's not run anything at all then.
> SELinux provides an extra layer of security to use against exploits that may
> go beyond what we can do with the usual posix provisions. I do not see why
> you have a problem with it.

Not so much a problem - I'm just saying that you should do the simple things 
that have always worked first, then add SELinux if you want.

-- 
   Les Mikesell
     lesmikesell at gmail.com


More information about the CentOS mailing list