[CentOS] selinux stuff - I just don't get -- "outgoing firewalls are broken"

Craig White craigwhite at azapple.com
Mon Nov 14 18:35:09 UTC 2005

On Mon, 2005-11-14 at 12:28 -0600, Les Mikesell wrote:
> On Mon, 2005-11-14 at 11:41, Bryan J. Smith wrote:
> > The reality is that with SELinux, we don't trust software
> > _until_ they are explicitly allowed to access things.  Modes
> > like "permissive" use the opposite that logic, and are more
> > compatible.
> > 
> > Just like deny all outgoing firewalls block _all_ outbound
> > traffic, _until_ they are explicitly allowed.  And why most
> > people just enable allow all outgoing (including every single
> > SOHO device you'll find at the superstore).
> > 
> > Do you understand now?
> I think the point you are both making is that you can't use
> either of these tools unless you have someone with not much
> else to do but baby-sit them or you can get along without the
> services they deny (and that you may not know about yet).
I would have sworn the point was that these people just love the debate
and no one knew enough to answer the question that I originally asked.

Thanks to the fedora-selinux mail list, where answers seem to be more
topical than philosophical debate, I got an answer.


This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the CentOS mailing list