[CentOS] SELinux - way of the future or good idea but !!!

Wed Dec 1 15:19:25 UTC 2010
m.roth at 5-cent.us <m.roth at 5-cent.us>

On this thread, I'm speaking with my manager, and the other admin comes
in, ranting about selinux, and that he's going to file a bug against it
with RH.... Seems he installed RHEL6, and had the misfortune of having an
older Sun keyboard, and may have hit the <caps lock> key when entering the
root password... and he couldn't log in. So he rebooted to single user
mode, and ran passwd... which sat there for a while, then quit, with no
messages. Then he turned off selinux, and passwd worked... so the whole
selinux thing was a pointless and irritating exercise.

Of course, if selinux had stopped him from turning enforcing off, he'd
have had to reboot from the rescue disk, at the least, and reinstall at
the worst.

The bigger question is why selinux when the system is in single user mode,
and offline. If someone has console access, and shouldn't have, you have
management problems, not o/s security problems.