On 05/26/2010 08:44 AM, Benjamin Franz wrote:
>
> I can make a useful argument from experience. Over the last few years,
> as Redhat has progressively deployed SELinux, I have had *several*
> incidents (the most recent only a few weeks ago) where updates to
> SELinux broke existing, stable, systems. Each time sucking up hours of
> my time to diagnose and fix. And (as in this incident) there are not
> always useful error messages to track it with.

Except that in this incident, there WERE useful error messages. The OP
simply didn't know that he needed to look in /var/log/audit/audit.log.

> The *theoretical* system security improvement of SELinux is trumped by
> the *practical* observation that I have had existing systems broken by
> SELinux multiple times on the mere handful of systems I have run it on
> in enforcing mode, but have yet to see a single one of several dozen
> (all internet exposed) up-to-date *non*-SELinux systems hacked.

You are comparing two unlike things. You can't very well judge the
benefits of SELinux based on a system which hasn't needed its protection.

> It is a 'safety' feature that is in practice more dangerous to system
> stability than what it is trying to fix.

I advise administrators to test all updates on non-production systems.
SELinux updates are no exception.
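As an added example, not part of the original thread, the following Python script shows the kind of triage the reply above points at: it pulls the AVC denial records out of /var/log/audit/audit.log lines and tallies them by source domain, target type, object class and permission. The log lines embedded in it are constructed samples, not records from the OP's system.

```python
import re
from collections import Counter

# Constructed sample audit.log content (not taken from the thread).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1274890000.123:456): avc:  denied  { read } for  pid=2345 comm="httpd" name="index.html" dev=sda1 ino=12345 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1274890000.123:456): arch=c000003e syscall=2 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1274890001.456:457): avc:  denied  { name_connect } for  pid=2345 comm="httpd" dest=3306 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1274890002.789:458): avc:  denied  { read } for  pid=2346 comm="httpd" name="about.html" dev=sda1 ino=12346 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
"""

# One AVC record: timestamp:serial, the denied permission set, the
# requesting command, and the source/target security contexts.
AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): avc:\s+denied\s+'
    r'\{ (?P<perms>[^}]+) \}.*?comm="(?P<comm>[^"]*)"'
    r'.*?scontext=(?P<scontext>\S+) tcontext=(?P<tcontext>\S+) tclass=(?P<tclass>\S+)'
)


def parse_avc_denials(text):
    """Return a list of dicts, one per AVC denial line; other record types are skipped."""
    denials = []
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        d = m.groupdict()
        d['perms'] = d['perms'].split()          # e.g. ['read'] or ['read', 'write']
        d['sdomain'] = d['scontext'].split(':')[2]  # type field of user:role:type:level
        d['ttype'] = d['tcontext'].split(':')[2]
        denials.append(d)
    return denials


def summarize_denials(denials):
    """Count (source domain, target type, class, permission) tuples so the
    noisiest denial stands out before any policy change is considered."""
    counts = Counter()
    for d in denials:
        for perm in d['perms']:
            counts[(d['sdomain'], d['ttype'], d['tclass'], perm)] += 1
    return counts


if __name__ == '__main__':
    for key, n in summarize_denials(parse_avc_denials(SAMPLE_AUDIT_LOG)).most_common():
        print(n, *key)
```

On a real host the stock tools for the same job are `ausearch -m AVC` and `audit2why`; this script only illustrates what those records contain.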