Drawing lessons from fatal SELinux bug #1054350

Eric Sandeen sandeen at redhat.com
Fri Jan 24 00:06:24 UTC 2014

On 1/23/14, 5:55 PM, Kevin Kofler wrote:
> * We are enabling SELinux enabled (enforcing) by default, a tool designed to 
> prevent anything it does not like from happening. (Reread this carefully: 
> The ONLY thing that tool is designed to do at all is PREVENT things. It does 
> not have a SINGLE feature other than being a roadblock and an annoyance.)

In the same way that the lock on your front door is an annoyance, I guess.

> * SELinux works by shipping a "policy" that effectively tries to specify in 
> one single place (read: single point of failure!) everything any program in 
> Fedora (scalability disaster!) ever wants to do (second-guessing its actual 
> code, i.e., duplication of all logic!). (Note the 3 (!) major antipatterns 
> in a single-sentence (!) description of how SELinux works!)

If you think SELinux is "duplicating all logic" in application code,
I do not think you quite grasp how SELinux works.

If the solution to every serious bug that slips through the cracks of a release
is to disable the package, over time we may not have much left in Fedora.

I know that pretty much all filesystems would be out by now. ;)


More information about the devel mailing list