James Mckenzie jjmckenzie51 at
Tue Aug 31 14:34:42 UTC 2010

Tim <ignored_mailbox at> wrote:
>Sent: Aug 31, 2010 5:30 AM
>To: Community support for Fedora users <users at>
>Subject: Re: SELINUX
>On Tue, 2010-08-31 at 00:15 +0000, JB wrote:
>> Well, if selinux is the best that happened to security since sliced bread, then
>> why people make these comments ?
>Because people like to bitch, particularly the ignorant ones.
Maybe because SeLinux is harder than hell to configure, if your favorite application is not already configured.  This is BY DESIGN to prevent 'ordinary' users from mucking around in it.  

>> Why do security people think they have the ability to dictate to
>> application writers that they use specialized API's or write arcane
>> security policies?
>Gee, that's a tough one.  Probably because security people know more
>about security than non-security-aware programmers...
Bingo.  Maybe it is also so that they write more secure code as well.

If you are on the Internet, SeLinux is a great product which is designed to give you enhanced, but not perfect, security.

Now that's my dime on this.  I don't run SeLinux, my system is not networked.  That is MY decision.  If it ever becomes networked, SeLinux, ip tables and a bunch of other stuff is going on it first.

James McKenzie
SSCP 367830

More information about the users mailing list