[CentOS] Re: selinux stuff - I just don't get

Tue Nov 15 03:07:50 UTC 2005
Chris Mauritz <chrism at imntv.com>

Craig White wrote:

>On Mon, 2005-11-14 at 21:13 -0500, Chris Mauritz wrote:
>  
>
>>Craig White wrote:
>>
>>    
>>
>>>The apparent lack of people bitching about this on nahant list or centos
>>>list makes me think that a large amount of RHEL 4 (or clone) users have
>>>simply turned SELinux off. I guess that puzzles me as much as anything.
>>> 
>>>
>>>      
>>>
>>What's with the bug up your nether regions?  People turn it off because 
>>they feel they don't need it.  For many people it is simply a broken 
>>distraction.  It should be turned off by default, but it isn't.  Are you 
>>also going to lecture people for turning off other software packages 
>>that come bundled "on" by default?  Why does this bother you so much?
>>    
>>
>----
>I'm not sure why you would interpret my expressing puzzlement as meaning
>that it's a bug up my nether regions. Do you take all statements to
>their extreme extension? In any event, when users use the stuff, report
>back their issues things get fixed, things improve, it's the pattern of
>open source. Of course are free to opt out by turning it off.
>  
>

I based my interpretation on the body of your last few posts.  I also am 
experiencing "puzzlement" when someone wishes me to use a tool which I 
have expressed no interest in using.  8-)  If others want to spend their 
time thrashing the bugs on something I don't want/need, then my hat's 
off to them.  Bully for them!

>I don't want to tell a client that their system was compromised and that
>one of the security mechanisms delivered with the system was shut off
>because I didn't understand it.
>  
>

Is there a particular feature of SELinux that this client needs to use?  
Or will SELinux simply be turned on because it's there?  If you don't 
explicitly need functionality provided by SELinux, perhaps it might be 
more prudent to exclude it...especially since you say you don't 
understand it.  And that's not a jibe at you.  It's by no means an easy 
subject.

Cheers,