On Thu, 2007-06-28 at 09:18 -0600, Karl Larsen wrote:
> Selinux is a work in progress. It works so well most IT people I know
> turn it off. I have it off on my computer. Now there are 65 trained
> hackers at NMSU a mile away. They get tired of Windows and like to
> attack Linux. If it gets bad I just go to the college and we find the
> guy and ask him to stop.

Ah, there's nothing like the personal visit or phone call to some script kiddie who thought that (a) nobody could figure out who they were, and (b) couldn't be bothered doing something about them. One of the local computer shop owners did that. He's a very huge man, and a bit of a thug.

I can't say that I've had too much trouble with SELinux. There's been the occasional program that complained, but the next update fixed that up, and the update was fairly quick in being made. People do log bug reports on them, and authors do fix them.

I've had a tiny bit of trouble with SELinux and some servers (NFS and Apache), but it wasn't too hard to work out how to do it within the SELinux scheme of doing things. In some cases the default SELinux rule was to disallow it, and you had to flip the option over (e.g. serving from your homespace). In some other cases the answer was not to try serving something from a place that's harder to protect, and use a location set aside for such things.

If I were to grizzle about anything, it'd be hard drives and video cards.

--
(This box runs FC5, my others run FC4 & FC6, in case that's important to the thread.)

Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists.