Keeping SELinux on (was Attention: Proprietary video driver users (ATI, Nvidia, etc.))
Olivier Galibert
galibert at pobox.com
Thu Feb 23 17:28:46 UTC 2006
On Thu, Feb 23, 2006 at 10:19:15AM -0700, Lamont R. Peterson wrote:
> By no means is this limited to home users. I would say that the *vast*
> majority of corporate admins just turn off SELinux. The story behind how &
> why they learned to do that to begin with only vary in details. It's almost
> always, "I had problems installing X or doing Y and I found a document on the
> Internet that said that SELinux was in the way and didn't work right anyway
> and was too complicated and didn't do me any good and that I couldn't learn
> enough about it to even understand what was happening, let alone deal with
> it, in less than a month and ... well, so I just turn off SELinux and then I
> don't have to deal with it."
You forgot the alternative, "SELinux does not help at all given our
threat model, so it's all cost and no returns". That's the case here.
I won't activate SELinux any time soon.
OG.
More information about the fedora-devel-list
mailing list