[CentOS] selinux stuff - I just don't get
chrism at imntv.com
Mon Nov 14 13:16:29 UTC 2005
Giovanni P. Tirloni wrote:
> Tony wrote:
> > It always amazes me how quick people are to suggest that you just
>> selinux off, without balancing the suggestion with an explanation of
>> what they are losing by doing this. Would you switch a firewall off
>> because it keeps filling your log files up with packet info? An
>> English expression involving babies and bathwater springs to mind ;-)
> Not to turn this into a flamewar but I'd like to mention that for
> someone who has always lived with SELinux it brings no advantage to
> keep it on _and_ causing problems. Specially when you still didn't
> have time to read carefully how SELinux is going to really help you
> (besides breaking things).
> I'm all for SELinux.. just not it's deployment without planning.
> That's why I've inclued a URL to the unofficial SELinux FAQ, so he
> could disable it but read about what it was later.
I usually just disable SELinux as well. It tends to cause problems with
applications and I don't feel it offers any real benefit on an otherwise
"locked down" system. If you need some of the features offered by
SELinux, that's just dandy. I don't and I suspect most casual users of
Linux don't either.
More information about the CentOS