Drawing lessons from fatal SELinux bug #1054350
Eric Sandeen
sandeen at redhat.com
Fri Jan 24 00:06:24 UTC 2014
On 1/23/14, 5:55 PM, Kevin Kofler wrote:
> * We are enabling SELinux enabled (enforcing) by default, a tool designed to
> prevent anything it does not like from happening. (Reread this carefully:
> The ONLY thing that tool is designed to do at all is PREVENT things. It does
> not have a SINGLE feature other than being a roadblock and an annoyance.)
In the same way that the lock on your front door is an annoyance, I guess.
> * SELinux works by shipping a "policy" that effectively tries to specify in
> one single place (read: single point of failure!) everything any program in
> Fedora (scalability disaster!) ever wants to do (second-guessing its actual
> code, i.e., duplication of all logic!). (Note the 3 (!) major antipatterns
> in a single-sentence (!) description of how SELinux works!)
If you think SELinux is "duplicating all logic" in application code,
I do not think you quite grasp how SELinux works.
If the solution to every serious bug that slips through the cracks of a release
is to disable the package, over time we may not have much left in Fedora.
I know that pretty much all filesystems would be out by now. ;)
-Eric
More information about the devel
mailing list