On 10/18/07, Benjamin Franz <snowhare@xxxxxxxxxxx> wrote:
>
> On Thu, 18 Oct 2007, Arthur Pemberton wrote:
>
> > On 10/18/07, Les Mikesell <lesmikesell@xxxxxxxxx> wrote:
> >
> >> The place it can hurt is if it causes enough problems that some number
> >> of users don't upgrade to the versions that use it or don't do
> >> timely updates because they have a history of introducing new problems.
> >> This drops your first and best line of defense.
> >
> > Les, please... this is a public list. Do not spread FUD... there is no
> > history of SELinux updates causing problems.
>
> [snip]
>
> *raised eyebrows*
>
> Really? You mean it has never rendered *many* systems effectively broken
> at run level 5 because it broke X after an SELinux update? Glad to know it
> "never happened". You personally POSTED in a Fedora-List thread on that
> one:

A post from 2005, once or twice isn't history. That's called exceptions.

> And it has never caused systems running in *permissive* mode to have yum/rpm
> lockups (June 2007, https://bugzilla.redhat.com/show_bug.cgi?id=245389).
>
> I found 163 'high' or 'urgent' SELinux bugs reported in bugzilla.
>
> Things like "selinux prevents X clients from starting", 'selinux prevents
> mkinitrd from running properly', 'SELinux Update Renders Static IP
> Addressing Unusable', 'policy prevents Dovecot from working', 'policy
> prevents procmail from being used a as local delivery agent', 'selinux
> prevents xen hotplug in Fedora 7', 'ypbind cannot run with
> selinux-policy-targeted', 'mod_jk malfunctions when selinux is enforced',
> 'ntpd would not start', 'Unable to login using Squirrelmail', 'selinux
> update breaks spamassassin/procmail', 'selinux breaks prelink', 'dhcpd
> conflict with selinux', 'selinux blocks swapon when called from
> /etc/rc.d/rc.sysinit', 'crond doesn't run jobs in /var/spool/cron/root'.
>
>
> SELinux and its updates have a *LONG* and *ONGOING* history of causing
> serious, even fatal, system problems (the last one I listed above is only
> a week old!)

I stand corrected then. I still do not consider this to be something one
can write down as history. I would consider every 2/3 updates where
problems are caused to be history. Nothing warranting the kind of flaming
that is going on. I've been using SELinux when appropriate for years now.

--
Fedora 7 : sipping some of that moonshine
( www.pembo13.com )