[CentOS] SELinux - way of the future or good idea but !!!
lowen at pari.edu
Tue Nov 30 17:23:39 EST 2010
On Tuesday, November 30, 2010 04:53:38 pm Bob McConnell wrote:
> That one's easy, don't ever install the plugin, or anything else from
> Adobe. Second step, set NoScript to block everything and everyone. If
> any site has content that requires either of those, I will never see it.
> That's their loss, not mine. If they want me to see it they can make it
> available via the approved methods.
Well, that's the point: there are corporate/enterprise applications written in various scripting languages that you simply have to use if you are that corporation's employee. Whitelisting sites is good; being able to restrict the plugin's access is better. AJAXed applications are becoming the norm, not the exception, and I have seen (and evaluated) applications where the client was in Air, or Flash (that had to have a particular Flash plugin, and the non-Adobe solutions weren't acceptable), or had fillable PDF's, and other interesting things along those lines.
And the number of Java applications that require the Oracle 1.6 JRE are numerous; many won't work with OpenJDK. So you have to have an Oracle JRE. And, yes, those can be a challenge to integrate properly (SELinux or no SELinux). Scalix, for instance, is primarily written in Java (so is OpenXchange, for that matter), but at least it bundles a tested JRE and plays nice with the SELinux targeted policy.
More information about the CentOS