[CentOS] SELinux - way of the future or good idea but !!!

Wed Dec 1 03:42:55 UTC 2010
Christopher Chan <christopher.chan at bradbury.edu.hk>

On Wednesday, December 01, 2010 11:37 AM, Nico Kadel-Garcia wrote:
> On Tue, Nov 30, 2010 at 10:28 PM, Marko Vojinovic<vvmarko at gmail.com>  wrote:
>> On Tuesday 30 November 2010 20:54:37 m.roth at 5-cent.us wrote:
>>> And about apache... most of those attacks are preventable through
>>> defensive configuration and coding for httpd itself. Looking to selinux to
>>> protect you is very sloppy.
>>
>> So a guy in a circus, performing acrobatics on a trapeze doesn't actually ever
>> need a safety fishnet below, right? All he needs to do is make sure never to
>> slip, or miss to catch the trapeze bar while performing. If he isn't sloppy,
>> he will never fall. Simple. ;-)
>
> Historically (although it's gotten better), the SELinux net was
> erected by blocking off all the ladders to the trapeze. This is great
> for safety of bystanders and keeping the clowns from making the
> trapeze slippery with cream pies, but made it hard to actually
> entertain the crowd. And entertaining the crowd is what a circus gets
> paid for.

Kinda hard to blame the net if the performers don't want to learn how to 
use the access ports provided to get through. Maybe the circus should 
think about getting performers willing to do that and not have to worry 
about insurance for not using a net.