[CentOS] SELinux - way of the future or good idea but !!!

Wed Dec 1 03:37:15 UTC 2010
Nico Kadel-Garcia <nkadel at gmail.com>

On Tue, Nov 30, 2010 at 10:28 PM, Marko Vojinovic <vvmarko at gmail.com> wrote:
> On Tuesday 30 November 2010 20:54:37 m.roth at 5-cent.us wrote:
>> And about apache... most of those attacks are preventable through
>> defensive configuration and coding for httpd itself. Looking to selinux to
>> protect you is very sloppy.
>
> So a guy in a circus, performing acrobatics on a trapeze doesn't actually ever
> need a safety fishnet below, right? All he needs to do is make sure never to
> slip, or miss to catch the trapeze bar while performing. If he isn't sloppy,
> he will never fall. Simple. ;-)

Historically (although it's gotten better), the SELinux net was
erected by blocking off all the ladders to the trapeze. This is great
for safety of bystanders and keeping the clowns from making the
trapeze slippery with cream pies, but made it hard to actually
entertain the crowd. And entertaining the crowd is what a circus gets
paid for.