No more selinux-policy-*-sources

Olivier Galibert galibert at pobox.com
Tue Mar 14 18:56:35 UTC 2006


On Tue, Mar 14, 2006 at 09:26:01AM -0700, Stephen J. Smoogen wrote:
> To be honest, we have found that the following people turn off SeLinux
> for the following reasons:
[1-4]

5. They copied their / through remounting and rsync to another
partition on another disk to be able to change the partitions on the
original disk and ended up trying to find out why they couldn't log in
even as root anymore.  Which is fun to debug without the web.  It will
be a large number of years before my GF's brother allows selinux
anywhere near his computer.

The selinux cra^Wlabels should have been taken into account in
cp/tar/rsync and other applications that copy executables before
anybody thought about activating it.  Now its reputation is so bad
people will wait for several years before even thinking about trying
it again.  "Failing gracefully" is one of these basic concepts
security people like to ignore or even rant about, forgetting the real
world needs it.  Locking root out of login on the console with its
password typed on the keyboard if some magic, fs-layout-dependent
flags aren't perfectly set in some hidden corner is stupid beyond
belief.  I personally won't ever trust selinux until the mentality
changes.  I don't always have a rescue cd handy.

  OG.
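
An added example, not part of the original message: a check that can be run after copying a root filesystem to another partition, listing every entry whose SELinux label (stored in the `security.selinux` extended attribute) was lost or changed by the copy. The function names and the command-line form are assumptions made for this illustration.

```python
import os
import sys

SELINUX_XATTR = "security.selinux"  # xattr in which SELinux stores a file's context

def read_label(path):
    """Return the SELinux context of path, or None if it carries no label."""
    try:
        raw = os.getxattr(path, SELINUX_XATTR, follow_symlinks=False)
    except OSError:
        return None  # no label, or a filesystem without xattr support
    return raw.rstrip(b"\x00").decode("utf-8", "replace")

def compare_labels(src_root, dst_root, get_label=read_label):
    """Walk src_root and report entries whose label was lost or changed in dst_root.

    Returns a sorted list of (relative_path, src_label, dst_label) tuples.
    get_label is injectable so the logic can be exercised without SELinux.
    """
    problems = []
    for dirpath, dirnames, filenames in os.walk(src_root):
        for name in dirnames + filenames:
            src = os.path.join(dirpath, name)
            rel = os.path.relpath(src, src_root)
            dst = os.path.join(dst_root, rel)
            if not os.path.lexists(dst):
                continue  # not copied at all: a different problem
            src_label = get_label(src)
            dst_label = get_label(dst)
            # Only labelled sources matter; an unlabelled source has nothing to lose.
            if src_label is not None and src_label != dst_label:
                problems.append((rel, src_label, dst_label))
    return sorted(problems)

if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: compare_labels.py SRC_ROOT DST_ROOT")
    for rel, want, got in compare_labels(sys.argv[1], sys.argv[2]):
        print(f"{rel}: expected {want}, found {got or 'no label'}")
```

Run it as root against the two mount points before rebooting into the copy; an empty report means the labels survived. Later rsync releases can carry the attribute across with `-X` (`--xattrs`).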



