On Wednesday 01 December 2010 03:37:15 Nico Kadel-Garcia wrote: > On Tue, Nov 30, 2010 at 10:28 PM, Marko Vojinovic <vvmarko at gmail.com> wrote: > > On Tuesday 30 November 2010 20:54:37 m.roth at 5-cent.us wrote: > >> And about apache... most of those attacks are preventable through > >> defensive configuration and coding for httpd itself. Looking to selinux > >> to protect you is very sloppy. > > > > So a guy in a circus, performing acrobatics on a trapeze doesn't actually > > ever need a safety fishnet below, right? All he needs to do is make sure > > never to slip, or miss to catch the trapeze bar while performing. If he > > isn't sloppy, he will never fall. Simple. ;-) > > Historically (although it's gotten better), the SELinux net was > erected by blocking off all the ladders to the trapeze. True, but --- as you say --- it's gotten much better since those times. > This is great > for safety of bystanders and keeping the clowns from making the > trapeze slippery with cream pies, but made it hard to actually > entertain the crowd. And entertaining the crowd is what a circus gets > paid for. And when the guy slips off and gets killed in the middle of the performance in front of a large number of small children watching in the audience, I really wonder if that circus is going to get paid by anyone for the next performance tomorrow evening. It happens rarely, but still it does happen sometimes. I'd still say a fishnet is a Good Idea(tm), regardless of the fact that it takes away some of the excitement during the performance. ;-) Best, :-) Marko