[CentOS] SELinux - way of the future or good idea but !!!

Les Mikesell lesmikesell at gmail.com
Mon Nov 29 21:35:44 EST 2010

On 11/29/10 8:10 PM, Christopher Chan wrote:
>> Yes, if you are concerned about security of certain files it is indeed a
>> good idea to run software you don't trust elsewhere.  And if the problem
>> is not trusting software, why are you putting blind faith in the SELinux
>> code?
> Oh certainly. That is why there is a separate SELinux user context for
> apache too.
> Blind faith in SELinux code? Hey, let's not run anything at all then.
> SELinux provides an extra layer of security to use against exploits that may
> go beyond what we can do with the usual posix provisions. I do not see why
> you have a problem with it.

Not so much a problem - I'm just saying that you should do the simple things 
that have always worked first, then add SELinux if you want.

   Les Mikesell
     lesmikesell at gmail.com

More information about the CentOS mailing list