[CentOS] SELinux threads, cynicism, one-upmanship, etc.
Bryan J. Smith
thebs413 at earthlink.net
Wed Nov 16 22:53:43 UTC 2005
Nathan Oyler <noyler at khimetrics.com> wrote:
> I disagree with this. The main reason I dislike SELinux is
> the way I was introduced to it.
> I wasted quite a bit of time on an issue before I even knew
> what SELinux was because it was turned on by default on an
> FC2 machine. I was asked by another admin to use FC2 on a
> particular job, and I never saw SELinux.
When has _any_ Red Hat ".0" release not caused grief!
I purposely _avoided_ Fedora Core 2 _until_ Fedora Core 3 was
almost released -- and even then, I _only_ installed it for
"test." I have the same attitude on Fedora Core 4, I'm
waiting for 5.
Fedora Core is quickly becoming a 7-9 month release cycle, so
RHEL releases are every 2 FC releases. So consider FC
releases the opposite of Star Trek movies ... the odd are
good, the even are bad. ;-ppp
> I turn it on now for all machines, but if you were to have
> asked me at any point in the week my feelings on SELinux
> they would have not been pleasant.
The cool thing about RHEL and, subsequently, CentOS is by the
time a new version comes out, the Fedora Core users have
addressed most of the concerns, and the leftover issues are
known.
> At the time, I looked and there wasn't any real
> documentation for what I was trying to do,
Red Hat Linux 5.0, Red Hat Linux 7.0, Red Hat Linux 8.0 ...
Fedora Core 2 was just yet another one in the chain of
complaints. (big grin ;-)
> and why it failed. Now after time has passed, I
> realize what was going on but when you're in the middle of
> a job on a time crunch,
Ummm, why were you installing Fedora Core 2 in a _production_
environment?
I mean, I'm all for Fedora Core in a production environment,
but _not_ the latest version that changes everything (which
Fedora Core 2 did). Yikes!
> the last thing you want to do is learn a new security
> system.
The last thing you want to do is install a massive version
change of RHL/FC in a production network!
> I turned the thing off. Got what I needed done, and came
> back to the issue at a later date.
And I don't think anyone would disagree on the first release
with SELinux. Then again, I would definitely _disagree_ with
your deploying Fedora Core 2 on a production system.
I would have the same reasoning behind Red Hat Linux 5.0, 7.0
and 8.0 as well. Red Hat Linux 6.0 wasn't perfect either.
> The turning it on by default irked me.
Release notes are a beautiful thing. ;->
> Superuser power as a trip is just silly.
> What's the difference?
> All I want is enough power to do my job.
Ahhhh, the repeat theme here.
RBAC/MAC purposely prevents you from doing your job from 1
account. It forces you to go about things differently.
--
Bryan J. Smith | Sent from Yahoo Mail
mailto:b.j.smith at ieee.org | (please excuse any
http://thebs413.blogspot.com/ | missing headers)