[CentOS] selinux stuff - I just don't get -- "outgoing firewalls are broken"

Les Mikesell lesmikesell at gmail.com
Mon Nov 14 18:28:40 UTC 2005


On Mon, 2005-11-14 at 11:41, Bryan J. Smith wrote:

> The reality is that with SELinux, we don't trust software
> _until_ they are explicitly allowed to access things.  Modes
> like "permissive" use the opposite of that logic, and are more
> compatible.
> 
> Just like deny all outgoing firewalls block _all_ outbound
> traffic, _until_ they are explicitly allowed.  And why most
> people just enable allow all outgoing (including every single
> SOHO device you'll find at the superstore).
> 
> Do you understand now?

I think the point you are both making is that you can't use
either of these tools unless you have someone with not much
else to do but baby-sit them or you can get along without the
services they deny (and that you may not know about yet).

-- 
   Les Mikesell
    lesmikesell at gmail.com
