Alan Cox alan at
Mon Aug 30 21:06:52 UTC 2010

> |    hand-crafted security policy, caused me to swear off of it.  For
> |    me, given my threat model and how much my time is worth, life is
> |    too short for SELinux.
> And JWZ:

And if you have a machine actually plugged into the internet, handling
any untrusted content or with potentially buggy apps (which is just about
anything that opens an image for example) then it's kind of useful.

An awful lot of attacks simply don't work because of SELinux. But it's
your system, one of the things about Free Software is you control the
tradeoffs on your machine not some vendor by diktat.

Myself - I'm prepared to fiddle now and then with SELinux settings on my
box so that it's much harder to steal all my email, run off with my credit
card data or just be a nuisance.

Sad to see people made the same argument about firewalls long ago - turn
it off it breaks doom, video streaming, etc. Nowadays anyone suggesting
turning off your firewall or always running as root (saves debugging file
permission problems) would be howled down. It's not alas occurred yet
with SELinux.

As to software which demands you disable security, I always apply common
sense and treat it the same way as if a passing tradesman says "can you
just leave your door unlocked for the weekend".

