On Mon, 2005-11-14 at 11:18 +0000, Peter Farrow wrote:
We've been here before by the way
http://lists.centos.org/pipermail/centos/2005-May/006303.html
Peter Farrow wrote:
Thats because its entirely possible to make a system secure without Selinux, it was only born in Centos from Version 4.
While I would never recommend turning off a firewall, I would recommend turning off Selinux: a firewall doesn't stop stuff on the box working properly as it ships, Selinux does.
For example anything that would stop squid running properly out of the box (as Selinux does) is of limited value, in this instance its not required, it gets in the way, it IS easily possible to have a secure system without Selinux, whereas that is doubtful without a firewall. Chalk and cheese springs to mind.
If Selinux is the "baby" in your metaphor, then the best thing to with it is hold it under the water until it stops moving....
For those of us who know how to configure secure systems (and I'm not suggesting you don't Tony by any stretch) Selinux is additionaly bloat I (we) don't really need. It just slows the system down...
I''ve never needed it......
---- and it appears still that your confidence that you can secure systems without it gets in the way of any efforts to learn how it may benefit you.
Thanks for the chatter...I know how to turn it off. I am trying to learn to live with the beast.
Craig