SELinux
JB
jb.1234abcd at gmail.com
Thu Jan 20 09:56:51 UTC 2011
Mike McCarty <Mike.McCarty <at> sbcglobal.net> writes:
> ...
> Additionally, I note that quite a bit of the bandwidth on the Fedora
> and CentOS echoes relate to SELinux making ordinary people doing
> ordinary things difficult. It's a complex subsystem, and I don't need
> more complexity on my machine, either just in defective code (which
> it certainly must have) or in additional administration requirements.
>
> Anyway, it's enough simply to say that I don't want it, for whatever
> reasons, and so I'm on my way not to using any Linux distro which
> forces it upon me.
>
> Mike
Yes, I agree with you.
It is a product of academics employed by NSA, and so of questionable practical
use for people who are dealing with system admin and security issues on daily
basis.
While being aware that I am expanding the thread with another sub-topic, let
me inject here another fiasco in waiting (or already done).
This one will also affect UNIX/Linux system programming and introduce MORE
complexity and LESS security.
How about that "for a change" ?
It is called "capabilities".
http://fedoraproject.org/wiki/Features/RemoveSETUID
Read this carefully (it will scare you if you bother to get deep into it):
http://fedoraproject.org/wiki/Talk:Features/RemoveSETUID
JB
More information about the users
mailing list