On Sat, Jul 21, 2007 12:19:23 PM -0500, Johnny Hughes (johnny@centos.org) wrote:
Don't turn off SELinux.
Hmmm... I had also forgotten this side of the package. I will be running on a rented VPS, can SELinux be used in such contexts?
Also, frankly I am not up to date on this, but I do remember reading a lot of "Just turn off selinux, isn't worth it" and "selinux isn't mature/ documented enough yet" in relatively recent times, both on Fedora and Centos lists.
Is this still the case?
It was never the case ... SELinux has been turned on by default by Red Hat in RHEL4 and RHEL5.
Yes, but I do remember several threads on the confusion this caused, hence my comment
People who say "turn it off" do so because the either don't understand what it does OR they don't know how to use it.
Sure. This could be due to the feature not being sufficiently documented (see my earlier comments in the thread on ssl, for example), something that in practice would still make it hardly usable for all but the most competent, full-time sysadmins. Regardless of how well it's working or is packaged in any distro.
'night, Marco