[CentOS] SELinux - way of the future or good idea but !!!

Wed Dec 8 22:01:04 UTC 2010
Warren Young <warren at etr-usa.com>

On 12/8/2010 3:04 AM, David Sommerseth wrote:
> it is still not recommendable to trade security for simplicity.

Security is never an absolute, is *always* a tradeoff against simplicity.

We could store our servers 16 feet underground and encased in concrete 
to prevent tampering and accidental power cycling.  We don't do that 
because union labor makes digging them back out when we really do 
intentionally want to power cycle them or perform physical maintenance 
impractical.

Security is a continuum.  One should rationally choose where along it 
one wants to be.  There are defensible, rational reasons to choose to 
disable SELinux.