swapping

John Morris jmorris at beau.org
Sat Jan 17 02:40:02 UTC 2015


On Fri, 2015-01-16 at 16:31 -0800, Gordon Messmer wrote:

> If your computer is single-user anyway, why does it need a security 
> subsystem?
> *eyeroll*

That actually isn't as crazy as you seem to think.  Security should
always be seen as a tradeoff between the cost of the security vs the
potential loss and the odds of a breach.  Seen in that light simply
disabling permissions could indeed be justified under some conditions.
But there are some important differences between SELinux and the UNIX
model:

1.  You can teach a total newb (assuming IQ over room temp) the basics
of the UNIX permissions system in under an hour and every admin is
expected to know pretty much all details of it.  Nobody understands
SELinux beyond a few developers at Red Hat and the NSA.  Even after
reading the O'Reilly book since it is already obsolete.  Contrast to the
UNIX model that hasn't changed in longer than the median age of the
typical Linux user and has extensive documentation that is accurate.

2.  The UNIX security model is integral to UNIX and Linux.  SELinux
exists almost entirely outside the normal filesystems and toolset.
Normal tools rarely preserve SELinux attributes when taking backups or
transferring files between machines.  RPM only partially understands it
after it being a standard feature for a decade.

3.  Any machine configured even slightly differently than the RH devels
expected -WILL- break SELinux.  Or I have just been very very unlucky on
multiple occasions.  Unless one is, or has access to, one of the
extremely limited number of SELinux experts the best solution is to
simply disable it when it breaks.  Doubly so if the machine in question
isn't a server.

4.  Consider the points above and realize SELinux has been a mandatory
at install time feature on Fedora even longer than PulseAudio, and
neither are even close to being reliable... yet were pushed into
production and removal apparently isn't a topic for civilized
discussion.  At what point is it legitimate to question the wisdom of
this?
