SELINUX

Alan Cox alan at lxorguk.ukuu.org.uk
Tue Aug 31 21:46:26 UTC 2010


O> Why do people always pick examples of features with easy user interface when the 
> fact with selinux is that the user interface is totally incomprehensible for the 
> ordinary home user. I for one disable selinux because I don't want to waste time 

The ordinary home user shouldn't even notice it is enabled, which has
been the case for some time now. In the early days it did most definitely
get in the way - just as early distros had permission problems that
needed ironing out.

Very occasionally you hit stuff in a home user environment - usually non
Fedora packages. It's only when you are doing custom web and server
stuff it gets noticable and you have to read the two pages or so of
documentation on labelling cgi that its non-trivial and its rare it gets
hard but some weird cases are fun (eg printing files from a cgi script).

> with learning how to use it. And I have now used red hat/fedora since 2002 
> without loosing one single e-mail or have suffered from any of the horrors that 
> some believe I am risking.

Is that the "I talk on my mobile phone while driving but its ok as I've
not killed anyone yet" ? argument.


Alan


More information about the users mailing list