Re: SELinux

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Mike McCarty <Mike.McCarty <at> sbcglobal.net> writes:

> ... 
> Additionally, I note that quite a bit of the bandwidth on the Fedora
> and CentOS echoes relate to SELinux making ordinary people doing
> ordinary things difficult. It's a complex subsystem, and I don't need
> more complexity on my machine, either just in defective code (which
> it certainly must have) or in additional administration requirements.
> 
> Anyway, it's enough simply to say that I don't want it, for whatever
> reasons, and so I'm on my way not to using any Linux distro which
> forces it upon me.
> 
> Mike

Yes, I agree with you.
It is a product of academics employed by NSA, and so of questionable practical
use for people who are dealing with system admin and security issues on daily
basis.

While being aware that I am expanding the thread with another sub-topic, let
me inject here another fiasco in waiting (or already done).
This one will also affect UNIX/Linux system programming and introduce MORE
complexity and LESS security.
How about that "for a change" ?

It is called "capabilities".

http://fedoraproject.org/wiki/Features/RemoveSETUID

Read this carefully (it will scare you if you bother to get deep into it):

http://fedoraproject.org/wiki/Talk:Features/RemoveSETUID

JB


-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux