[CentOS] SELinux - way of the future or good idea but !!!

Lamar Owen lowen at pari.edu
Tue Nov 30 17:23:39 EST 2010

On Tuesday, November 30, 2010 04:53:38 pm Bob McConnell wrote:
> That one's easy, don't ever install the plugin, or anything else from 
> Adobe. Second step, set NoScript to block everything and everyone. If 
> any site has content that requires either of those, I will never see it. 
> That's their loss, not mine. If they want me to see it they can make it 
> available via the approved methods.

Well, that's the point: there are corporate/enterprise applications written in various scripting languages that you simply have to use if you are that corporation's employee.  Whitelisting sites is good; being able to restrict the plugin's access is better.  AJAXed applications are becoming the norm, not the exception, and I have seen (and evaluated) applications where the client was in Air, or Flash (that had to have a particular Flash plugin, and the non-Adobe solutions weren't acceptable), or had fillable PDF's, and other interesting things along those lines.

And the number of Java applications that require the Oracle 1.6 JRE are numerous; many won't work with OpenJDK.  So you have to have an Oracle JRE.  And, yes, those can be a challenge to integrate properly (SELinux or no SELinux).  Scalix, for instance, is primarily written in Java (so is OpenXchange, for that matter), but at least it bundles a tested JRE and plays nice with the SELinux targeted policy.

More information about the CentOS mailing list