[CentOS] selinux stuff - I just don't get

Peter Farrow peter at farrows.org
Mon Nov 14 11:13:41 UTC 2005

Thats because its entirely possible to make a system secure without 
Selinux, it was only born in Centos from Version 4.

While I would never recommend turning off a firewall, I would recommend 
turning off Selinux:  a firewall doesn't stop stuff on the box working 
properly as it ships, Selinux does.

For example anything that would stop squid running properly out of the 
box (as Selinux does) is of limited value, in this instance its not 
required, it gets in the way, it IS easily possible to have a secure 
system without Selinux, whereas that is doubtful without a firewall.  
Chalk and cheese springs to mind.

If Selinux is the "baby" in your metaphor, then the best thing to with 
it is hold it under the water until it stops moving....

For those of us who know how to configure secure systems (and I'm not 
suggesting you don't Tony by any stretch) Selinux is additionaly bloat I 
(we) don't really need.  It just slows the system down...

I''ve never needed it......


Tony wrote:

> On 11/14/05, *Peter Farrow* <peter at farrows.org 
> <mailto:peter at farrows.org>> wrote:
>     /etc/selinux/config
>     Change this line:
>     SELINUX=enforcing
>     to this:
>     SELINUX=disabled
> It always amazes me how quick people are to suggest that you just 
> switch selinux off, without balancing the suggestion with an 
> explanation of what they are losing by doing this. Would you switch a 
> firewall off because it keeps filling your log files up with packet 
> info?  An English expression involving babies and bathwater springs to 
> mind ;-)
> -- 
> Cheers,
> Tony
>CentOS mailing list
>CentOS at centos.org

More information about the CentOS mailing list