SELinux
Ralf Corsepius
rc040203 at freenet.de
Tue Aug 31 13:34:29 UTC 2010
On 08/31/2010 02:26 PM, Tim wrote:
> On Mon, 2010-08-30 at 22:06 +0100, Alan Cox wrote:
>> As to software which demands you disable security, I always apply
>> common sense and treat it the same way as if a passing tradesman says
>> "can you just leave your door unlocked for the weekend"
>
> Likewise for people vehemently advocating to disable SELinux, I view
> them with a great deal of suspicion. Is it simply they really do not
> like it, or do they have ulterior motives?
Neither. Initially, when trying to use it, they typically notice
something stops working. Then, when trying to make it work, they get
lost in arcane and cryptic tools.
To utilize Alan's ABS analogy: In most cases, the only UI ABS offers to
end-users an on/off switch and "just works". SELinux however forces to
fiddle and dig through 100s of knobs and switches.
In short: there is nothing fundamentally wrong with SELinux, except that
its UIs and GUIs are not end-user-ready and that the Fedora SELinux
policy packages suffer from bugs.
Ralf
More information about the users
mailing list