[CentOS] selinux stuff - I just don't get -- "outgoing firewalls are broken"
Les Mikesell
lesmikesell at gmail.com
Mon Nov 14 18:28:40 UTC 2005
On Mon, 2005-11-14 at 11:41, Bryan J. Smith wrote:
> The reality is that with SELinux, we don't trust software
> _until_ they are explicitly allowed to access things. Modes
> like "permissive" use the opposite of that logic, and are more
> compatible.
>
> Just like deny all outgoing firewalls block _all_ outbound
> traffic, _until_ they are explicitly allowed. And why most
> people just enable allow all outgoing (including every single
> SOHO device you'll find at the superstore).
>
> Do you understand now?
I think the point you are both making is that you can't use
either of these tools unless you have someone with not much
else to do but baby-sit them or you can get along without the
services they deny (and that you may not know about yet).
--
Les Mikesell
lesmikesell at gmail.com