On Tue, Nov 30, 2010 at 10:28 PM, Marko Vojinovic <vvmarko at gmail.com> wrote: > On Tuesday 30 November 2010 20:54:37 m.roth at 5-cent.us wrote: >> And about apache... most of those attacks are preventable through >> defensive configuration and coding for httpd itself. Looking to selinux to >> protect you is very sloppy. > > So a guy in a circus, performing acrobatics on a trapeze doesn't actually ever > need a safety fishnet below, right? All he needs to do is make sure never to > slip, or miss to catch the trapeze bar while performing. If he isn't sloppy, > he will never fall. Simple. ;-) Historically (although it's gotten better), the SELinux net was erected by blocking off all the ladders to the trapeze. This is great for safety of bystanders and keeping the clowns from making the trapeze slippery with cream pies, but made it hard to actually entertain the crowd. And entertaining the crowd is what a circus gets paid for.