[CentOS] selinux stuff - I just don't get -- "outgoing firewalls are broken"

Les Mikesell lesmikesell at gmail.com
Mon Nov 14 18:28:40 UTC 2005

On Mon, 2005-11-14 at 11:41, Bryan J. Smith wrote:

> The reality is that with SELinux, we don't trust software
> _until_ they are explicitly allowed to access things.  Modes
> like "permissive" use the opposite of that logic, and are more
> compatible.
> Just like deny all outgoing firewalls block _all_ outbound
> traffic, _until_ they are explicitly allowed.  And why most
> people just enable allow all outgoing (including every single
> SOHO device you'll find at the superstore).
> Do you understand now?

I think the point you are both making is that you can't use
either of these tools unless you have someone with not much
else to do but baby-sit them or you can get along without the
services they deny (and that you may not know about yet).

   Les Mikesell
    lesmikesell at gmail.com
