[CentOS] SELinux threads, cynicism, one-upmanship, etc.
peter at farrows.org
Mon Nov 21 15:38:53 UTC 2005
furthermore from Hughsjr:
>I disagree ... to me enabled by default would be like the core and base
> >default packages .... they are turned on, and one can not turn them off.
> >They are enabled by default, whether you need them or not.
ummm, err, that would be "mandatory" then and not "default"
Thats another nail in the coffin, tighter in the corner, up to your chin
in it now I reckon....
Craig White wrote:
>On Mon, 2005-11-21 at 14:15 +0000, Peter Farrow wrote:
>>The point was, as its very much beta quality, it should be up to the
>>user to ask for it, not have it dropped on them by default.
>not that it's going to change this discussion, but the characterization
>that SELinux is 'very much beta quality' might be yours, definitely is
>Brian Brunner's and perhaps some others but certainly isn't the
>characterization of the upstream provider whose intent is to only
>include 'stable' services in their Enterprise product.
>In that respect, that characterization is out of line with the upstream
>My own experiences with many servers running RHEL & CentOS with SELinux
>set to enforcing mode is that 'audit2allow' lacks a man page. Beyond
>that, I have seen nothing to suggest that it is not ready for prime
>The only 'beta quality' I am seeing is sysadmins who simply turn it off
>because they fear having it enabled since they know absolutely nothing
>about it which means that there is a lack of informed people capable of
>answering questions. Thus the beta quality tag probably refers more to
>the participants of this list than the security services provided from
More information about the CentOS