[CentOS] selinux stuff - I just don't get

Chris Mauritz chrism at imntv.com
Mon Nov 14 13:16:29 UTC 2005

Giovanni P. Tirloni wrote:

> Tony wrote:
>  > It always amazes me how quick people are to suggest that you just 
> switch
>> selinux off, without balancing the suggestion with an explanation of 
>> what they are losing by doing this. Would you switch a firewall off 
>> because it keeps filling your log files up with packet info?  An 
>> English expression involving babies and bathwater springs to mind ;-)
>  Not to turn this into a flamewar but I'd like to mention that for 
> someone who has always lived with SELinux it brings no advantage to 
> keep it on _and_ causing problems. Specially when you still didn't 
> have time to read carefully how SELinux is going to really help you 
> (besides breaking things).
>  I'm all for SELinux.. just not it's deployment without planning. 
> That's why I've inclued a URL to the unofficial SELinux FAQ, so he 
> could disable it but read about what it was later.

I usually just disable SELinux as well.  It tends to cause problems with 
applications and I don't feel it offers any real benefit on an otherwise 
"locked down" system.  If you need some of the features offered by 
SELinux, that's just dandy.  I don't and I suspect most casual users of 
Linux don't either.


More information about the CentOS mailing list