Re: SELinux last straw

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


On Thu, 18 Oct 2007, Arthur Pemberton wrote:


On 10/18/07, Les Mikesell <lesmikesell@xxxxxxxxx> wrote:


The place it can hurt is if it causes enough problems that some number
of users don't don't upgrade to the versions that use it or don't do
timely updates because they have a history of introducing new problems.
  This drops your first and best line of defense.


Les, please... this is a public list. Do not spread FUD... there is no
history of SELinux updates causing problems.


[snip]

*raised eyebrows*
Really? You mean it has never rendered *many* systems effectively broken at run level 5 because it broke X after an SELinux update? Glad to know it "never happened". You personally POSTED in a Fedora-List thread on that one: 

  "Sorry dude, but join the club, best bet is to downgrade to the
   previous version, and put an except in your yum.conf so yum
   won't upgrade it again." Arthur Pemberton, June 29, 2005 12:16:38 -0400
And it has never caused systems running in *permissive* mode have yum/rpm lockups (June 2007, https://bugzilla.redhat.com/show_bug.cgi?id=245389). 

I found 163 'high' or 'urgent' SELinux bugs reported in bugzilla.
Things like "selinux prevents X clients from starting", 'selinux prevents mkinitrd from running properly',' 'SELinux Update Renders Static IP Addressing Unusable', 'policy prevents Dovecot from working', 'policy prevents procmail from being used a as local delivery agent', 'selinux prevents xen hotplug in Fedora 7', 'ypbind cannot run with selinux-policy-targeted', 'mod_jk malfunctions when selinux is enforced', 'ntpd would not start', 'Unable to login using Squirrelmail', 'selinux update breaks spamassassin/procmail', 'selinux breaks prelink', 'dhcpd conflict with selinux', 'selinux blocks swapon when called from /etc/rc.d/rc.sysinit', 'crond doesn't run jobs in /var/spool/cron/root'.
SELinux and its updates have a *LONG* and *ONGOING* history of causing serious, even fatal, system problems (the last one I listed above is only a week old!) 

--
Benjamin Franz

"It is moronic to predict without first establishing an error rate
 for a prediction and keeping track of oneâ??s past record of accuracy."
                    -- Nassim Nicholas Taleb, Fooled By Randomness
[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux