SELinux survey (was RE: Stupid F7 boot loop)

Wed Aug 29 18:02:33 UTC 2007

Tom Horsley wrote:
>> I personally have immediately disabled SELinux on any and every box I've
>> ever installed for myself, and grind my teeth any time I even see the
>> word.
>>     
>
> I didn't disable it on the first fedora release it showed up on, and
> spent hours after that just trying to gain enough access to my own system
> to disable it when I found that basically nothing worked. Ever
> since then I not only disable it when installing, but also add
> selinux=0 to the kernel options just to be sure :-).
>  
>   
>> Would any of you out there care to share with me any of your personal
>> experiences with SELinux being useful to you (in any way whatsoever), on
>> a single-user workstation?
>>     
>
> I can't imagine ever having an experience where any form of security
> software turned out to be useful, but I do have a theory that explains
> selinux in fedora and apparmor in opensuse:
>
> Large numbers of government contracts need you to check a box for
> "enhanced security" in order to bid on them, therefore selinux was
> born.
>
> If redhat had shipped selinux in enterprise when it was in the condition
> it first showed up in fedora, they would have lost every paying
> enterprise customer, therefore they needed a large group of suckers
> to find all the obvious problems.
>
> That's us :-).
>
> Cross out redhat and selinux and write in suse and apparmor with a
> crayon, and the same explanation applies :-).
>
>   
    Once about Fedora Core 4 I noticed Selinux was there and I turned it 
on. I began to have odd problems. Things stopped working. I discovered 
how to turn it off and all problems stopped.

    Since then I always turn it off during installation. Right after I 
refuse to give Grub a password :-)


-- 

	Karl F. Larsen, AKA K5DI
	Linux User
	#450462   http://counter.li.org.