SELinux last straw
snowhare at nihongo.org
Thu Oct 18 16:23:08 UTC 2007
On Thu, 18 Oct 2007, Arthur Pemberton wrote:
> On 10/18/07, Les Mikesell <lesmikesell at gmail.com> wrote:
>> The place it can hurt is if it causes enough problems that some number
>> of users don't upgrade to the versions that use it or don't do
>> timely updates because they have a history of introducing new problems.
>> This drops your first and best line of defense.
> Les, please... this is a public list. Do not spread FUD... there is no
> history of SELinux updates causing problems.
Really? You mean it has never rendered *many* systems effectively broken
at run level 5 because it broke X after an SELinux update? Glad to know it
"never happened". You personally POSTED in a Fedora-List thread on that:
"Sorry dude, but join the club, best bet is to downgrade to the
previous version, and put an except in your yum.conf so yum
won't upgrade it again." Arthur Pemberton, June 29, 2005 12:16:38 -0400
And it has never caused systems running in *permissive* mode to have yum/rpm
lockups (June 2007, https://bugzilla.redhat.com/show_bug.cgi?id=245389).
I found 163 'high' or 'urgent' SELinux bugs reported in bugzilla.
Things like 'selinux prevents X clients from starting', 'selinux prevents
mkinitrd from running properly', 'SELinux Update Renders Static IP
Addressing Unusable', 'policy prevents Dovecot from working', 'policy
prevents procmail from being used as a local delivery agent', 'selinux
prevents xen hotplug in Fedora 7', 'ypbind cannot run with
selinux-policy-targeted', 'mod_jk malfunctions when selinux is enforced',
'ntpd would not start', 'Unable to login using Squirrelmail', 'selinux
update breaks spamassassin/procmail', 'selinux breaks prelink', 'dhcpd
conflict with selinux', 'selinux blocks swapon when called from
/etc/rc.d/rc.sysinit', 'crond doesn't run jobs in /var/spool/cron/root'.
SELinux and its updates have a *LONG* and *ONGOING* history of causing
serious, even fatal, system problems (the last one I listed above is only
a week old!)
"It is moronic to predict without first establishing an error rate
for a prediction and keeping track of one's past record of accuracy."
-- Nassim Nicholas Taleb, Fooled By Randomness