Re: SELinux

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> |    hand-crafted security policy, caused me to swear off of it.  For
> |    me, given my threat model and how much my time is worth, life is
> |    too short for SELinux.
> 
> And JWZ:
> 
>      http://jwz.livejournal.com/719608.html

And if you have a machine actually plugged into the internet, handling
any untrusted content or with potentialy buggy apps (which is just about
anything that opens an image for example) then its kind of useful.

An awful lot of attacks simply don't work because of SELinux. But it's
your system, one of the things about Free Software is you control the
tradeoffs on your machine not some vendor by diktat.

Myself - I'm prepared to fiddle now and then with SELinux settings on my
box so that its much harder to steal all my email, run off with my credit
card data or just be a nuisance.

Sad to see people made the same argument about firewalls long ago - turn
it off it breaks doom, video streaming, etc. Nowdays anyone suggesting
turning off your firewall or always running as root (saves debugging file
permission problems) would be howled down. It's not alas occurred yet
with SELinux.

As to software which demands you disable security, I always apply common
sense and treat it the same way as if a passing tradesman says "can you
just leave your door unlocked for the weekend"

Alan
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux