mdeggers at gmail.com
Mon Aug 30 05:36:48 UTC 2010
On Mon, 30 Aug 2010 13:29:51 +0900, Takehiko Abe wrote:
> >> I would advise Patrick to disable SELinux. I've made that decision
> >> long ago because it gives me more problems when enabled than I can
> >> possibly solve. IMHO the user interface is so bad that SELinux is
> >> unusable for an ordinary end user.

Huge rant against SELinux deleted . . . .

I've had exactly the opposite experience running SELinux, even with hand-
compiled applications from a variety of sources - including my own.

I've had some issues with understanding how SELinux works - the latest
being not able to pipe output to root's home directory. However, in
retrospect, the restriction is good and one that is easy to solve (pipe
to /tmp, then mv or cp).

The last two nightmare SELinux issues I had were with Songbird and the
Mono server that enables Mono on Apache. Both had multiple problems, and
to me it's indicative of sloppy coding. I decided not to run those
applications. This is probably a wise decision since Songbird for Linux
is no more. I've yet to see a satisfactory configuration of Mono and
Apache on Linux that doesn't entail disabling SELinux. Since I'm not
a .NET or C# fan, I'll happily do without.

I think in a home environment the key has been to run in permissive mode.
Then you get all of the warnings along with how to fix the problem. An
added bonus is that you can submit bug reports about SELinux with the
hope of making it better and more seamless. Once you don't get SELinux
warnings for a few days, you might think about running in strict mode.

The only continuing nag that I have now is NVidia's proprietary driver.
Fortunately I have a script I run after building the driver to take care
of any lingering SELinux issues. I prefer installing the driver by hand
(as well as tweaking xorg.conf and overclocking my graphics card) rather
than depending on rpmfusion.org. They provide a fine service (and I use
some of their other packages), but I've had no trouble building the stock

. . . . just my two cents.