[CentOS] SELinux - way of the future or good idea but !!!

Marko Vojinovic vvmarko at gmail.com
Tue Nov 30 22:56:42 EST 2010


On Wednesday 01 December 2010 03:37:15 Nico Kadel-Garcia wrote:
> On Tue, Nov 30, 2010 at 10:28 PM, Marko Vojinovic <vvmarko at gmail.com> wrote:
> > On Tuesday 30 November 2010 20:54:37 m.roth at 5-cent.us wrote:
> >> And about apache... most of those attacks are preventable through
> >> defensive configuration and coding for httpd itself. Looking to selinux
> >> to protect you is very sloppy.
> > 
> > So a guy in a circus, performing acrobatics on a trapeze doesn't actually
> > ever need a safety fishnet below, right? All he needs to do is make sure
> > never to slip, or miss to catch the trapeze bar while performing. If he
> > isn't sloppy, he will never fall. Simple. ;-)
> 
> Historically (although it's gotten better), the SELinux net was
> erected by blocking off all the ladders to the trapeze.

True, but --- as you say --- it's gotten much better since those times.

> This is great
> for safety of bystanders and keeping the clowns from making the
> trapeze slippery with cream pies, but made it hard to actually
> entertain the crowd. And entertaining the crowd is what a circus gets
> paid for.

And when the guy slips off and gets killed in the middle of the performance in 
front of a large number of small children watching in the audience, I really 
wonder if that circus is going to get paid by anyone for the next performance 
tomorrow evening. It happens rarely, but still it does happen sometimes. 

I'd still say a fishnet is a Good Idea(tm), regardless of the fact that it 
takes away some of the excitement during the performance. ;-)

Best, :-)
Marko




More information about the CentOS mailing list