[CentOS] SELinux - way of the future or good idea but !!!

Nico Kadel-Garcia nkadel at gmail.com
Tue Nov 30 19:27:23 EST 2010


On Tue, Nov 30, 2010 at 5:23 PM, Lamar Owen <lowen at pari.edu> wrote:
> On Tuesday, November 30, 2010 04:53:38 pm Bob McConnell wrote:
>> That one's easy, don't ever install the plugin, or anything else from
>> Adobe. Second step, set NoScript to block everything and everyone. If
>> any site has content that requires either of those, I will never see it.
>> That's their loss, not mine. If they want me to see it they can make it
>> available via the approved methods.
>
> Well, that's the point: there are corporate/enterprise applications written in various scripting languages that you simply have to use if you are that corporation's employee.  Whitelisting sites is good; being able to restrict the plugin's access is better.  AJAXed applications are becoming the norm, not the exception, and I have seen (and evaluated) applications where the client was in Air, or Flash (that had to have a particular Flash plugin, and the non-Adobe solutions weren't acceptable), or had fillable PDF's, and other interesting things along those lines.
>
> And the number of Java applications that require the Oracle 1.6 JRE are numerous; many won't work with OpenJDK.  So you have to have an Oracle JRE.  And, yes, those can be a challenge to integrate properly (SELinux or no SELinux).  Scalix, for instance, is primarily written in Java (so is OpenXchange, for that matter), but at least it bundles a tested JRE and plays nice with the SELinux targeted policy.

No, *THAT* is the sort of reason that I got involved in JPackage
packaging of JDK RPM's....


More information about the CentOS mailing list