On 09/20/2011 08:07 PM, Tom Horsley wrote:
On Tue, 20 Sep 2011 19:37:04 +0800
Ed Greshko wrote:
> Other than the occasional need for a custom policy I've not had any problems.
And did you perform an intensive security review of the source for the
program requiring the custom policy to insure that it is in fact
perfectly OK to allow whatever the heck selinux was disallowing?
Or (as I suspect is far more likely :-) did you just say, "OK, I need
to run this program, so I'll allow that."
I do not know what your definition of "intensive security review" is...
But, yes a risk assessment were undertaken to determine why the sealert
was generated and the implications of generating a policy to allow the
program to run. FWIW, I didn't do all the work personally in all
instances but in at least one case the code was changed as opposed to
creating a custom policy.
And, of course, the standard selinux policy files shipped with
fedora
have grown in the exact same fashion. The reason most folks don't
have problems with selinux any longer is that all the quirks and
foibles of all the programs shipped with fedora have gradually
been added to the policy files, almost certainly without any
of the intensive security reviews of the source which would make
it marginally safe to allow those behaviors. (Because if the
source had gone through that kind of review, they'd still be
working on the 1st policy exception :-).
I don't know if the assertion that you've made in this paragraph are
true or not. I'm inclined to take what you've said as either an opinion
or maybe an "educated" assumption.
So basically, you can get a system which is every bit as secure
as one running selinux by turning off selinux, and then you don't
ever get bothered by the "occasional need" to write a custom
policy, or get fooled into a sense of security because you
have selinux turned on.
It seems you are advocating to "just turn it off".?
--
Even if you do learn to speak correct English, whom are you going to
speak it to? -- Clarence Darrow