[CentOS] SELinux and access across 'similar types'

Les Mikesell lesmikesell at gmail.com
Sat Jan 7 16:11:59 UTC 2012


On Sat, Jan 7, 2012 at 8:19 AM, John R. Dennison <jrd at gerdesas.com> wrote:
>
> I'm truly sick of the "*cry* selinux makes things _hard_ *cry*"
> whining from not only users but hosting providers and alleged
> "administrators" that are, at the root of it, too lazy to figure out how
> to properly use selinux and similar technologies.

To be fair, it was true for years.  Mostly the packaging has been
fixed so it usually works now if you don't change too much.   But
don't forget that there is some justification for end users making
this complaint.  Selinux is really a second layer of defense that
should really only come into play because programming correctly is
'too hard' for the developers.  But, look at the changelogs and the
history of vulnerabilities  and you'll realize that part isn't likely
to ever change.

-- 
  Les Mikesell
     lesmikesell at gmail.com



More information about the CentOS mailing list