>> I would advise Patrick to disable Selinux. I've made that decision >> long ago because it gives me more problems when enabled that I can >> possibly solve. IMHO the user interface is so bad that selinux is >> unuseable for an ordinary enduser. > > So what is the purpose of SELinux ? Theodore Tso put it very well: http://lwn.net/Articles/252892/ | In some environments, say if you are creating a system that will | handle classified data for the U.S. government, there are formal | requirements that your employer, the NSA, sign off on the | solution. This allows the NSA to force the application | programmers and end users to make the tradeoff tilt very much | against convenience in favor of security. And given the threat | models and capabilities of the adversaries involved, that's | probably appropriate. | | But that's not necessarily appropriate for all users. SELINUX is | so horrible to use, that after wasting a large amount of time | enabling it and then watching all of my applications die a | horrible death since they didn't have the appropriate | hand-crafted security policy, caused me to swear off of it. For | me, given my threat model and how much my time is worth, life is | too short for SELinux. And JWZ: http://jwz.livejournal.com/719608.html -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
