> | hand-crafted security policy, caused me to swear off of it. For > | me, given my threat model and how much my time is worth, life is > | too short for SELinux. > > And JWZ: > > http://jwz.livejournal.com/719608.html And if you have a machine actually plugged into the internet, handling any untrusted content or with potentialy buggy apps (which is just about anything that opens an image for example) then its kind of useful. An awful lot of attacks simply don't work because of SELinux. But it's your system, one of the things about Free Software is you control the tradeoffs on your machine not some vendor by diktat. Myself - I'm prepared to fiddle now and then with SELinux settings on my box so that its much harder to steal all my email, run off with my credit card data or just be a nuisance. Sad to see people made the same argument about firewalls long ago - turn it off it breaks doom, video streaming, etc. Nowdays anyone suggesting turning off your firewall or always running as root (saves debugging file permission problems) would be howled down. It's not alas occurred yet with SELinux. As to software which demands you disable security, I always apply common sense and treat it the same way as if a passing tradesman says "can you just leave your door unlocked for the weekend" Alan -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
