SELinux

Fri Jan 21 05:02:18 UTC 2011

On 1/20/11 2:30 PM, Kostas Sfakiotakis wrote:
> On 20/01/2011 11:36 πμ, Tim wrote:
>>   On Thu, 2011-01-20 at 04:23 -0600, Mike McCarty wrote:
>>> Additionally, I note that quite a bit of the bandwidth on the
>>> Fedora and CentOS echoes relate to SELinux making ordinary people
>>> doing ordinary things difficult.
>>   I really don't know why people have such grand problems with it.
> I could think of a million reasons . For example , let´s just say that
> they don´t have an idea about what mandatory access control is and
> how to live with it .
>
>>   I don't. Not even when I run various servers.
> Well that could be your problem Tim . As you say , u run SERVERS . Servers
> are supposed to do very specific things and not every day stuff.
>
>> I strongly suspect it's because they're doing daft things with their
> computer, in the
>>   first place, then following bad advice to resolve it.
>>
> Well that´s the issue . I can´t really understand why i can´t do any
> stupid thing with the computer i have payed for . I payed for the computer and not the
> SELinux development it , an agency , a corporation or whatever else . I
> just want to open my computer and do my stupid things and if i mess things up
> , then so i did . It would be my mess and i would be really happy to clean it .
> After all it is my mess and am paying for it ( well the paying part am doing
> either way ) .
>
As Tim said:  You are not only affecting yourself but by default every 
other user of the Internet if you get infected with a virus/worm/trojan 
horse/spyware.  SELinux is designed to prevent that level of stupidity.  
Sorry, but you have to read through several RFCs to understand your 
ability to screw things up royally when you are on the Information 
Superhighway.  Please take time and read RFC 1087.  It basically spells 
out YOUR responsibilities when driving there.

Now, you are free to take your 'payed for' toy, take it off of the 
Internet and do whatever you want.  At that point, it becomes your 
problem.  Otherwise, you should obey the 'rules of the road' and make 
your system as secure as you can.  I do.  I've disabled flash on my 
browser.  I've blocked all sorts of ads. Why?  Because both are vectors 
for malware.  I don't like rebuilding my systems, but if they get 
infected with someone else's 'stupidity' then I'm out hours of work that 
I won't enjoy doing.  How would you feel if failure to use SELinux 
infects hundreds if not thousands of systems with a virus?  How would 
you feel if not using SELinux saves your work from being inadvertently 
destroyed?  That is why it exists, so stupid people don't do stupid 
things.  Again, you are free to do what you like as long as it will not 
affect others.

Now, if you are trying to do something that you SHOULD be able to do, 
and SELinux will not let you, the SELinux people need to know about this 
and provide either a permanent solution or a work-around.  They should 
not allow you to do stupid stuff with your system when it is on-line and 
connected to the Internet or any other type of network.

James McKenzie