SELinux last straw

Benjamin Franz snowhare at nihongo.org
Thu Oct 18 16:23:08 UTC 2007


On Thu, 18 Oct 2007, Arthur Pemberton wrote:

> On 10/18/07, Les Mikesell <lesmikesell at gmail.com> wrote:
>
>> The place it can hurt is if it causes enough problems that some number
>> of users don't upgrade to the versions that use it or don't do
>> timely updates because they have a history of introducing new problems.
>>   This drops your first and best line of defense.
>
> Les, please... this is a public list. Do not spread FUD... there is no
> history of SELinux updates causing problems.

[snip]

*raised eyebrows*

Really? You mean it has never rendered *many* systems effectively broken 
at run level 5 because it broke X after an SELinux update? Glad to know it 
"never happened". You personally POSTED in a Fedora-List thread on that 
one:

   "Sorry dude, but join the club, best bet is to downgrade to the
    previous version, and put an except in your yum.conf so yum
    won't upgrade it again." Arthur Pemberton, June 29, 2005 12:16:38 -0400

And it has never caused systems running in *permissive* mode to have yum/rpm 
lockups (June 2007, https://bugzilla.redhat.com/show_bug.cgi?id=245389).

I found 163 'high' or 'urgent' SELinux bugs reported in bugzilla.

Things like "selinux prevents X clients from starting", 'selinux prevents 
mkinitrd from running properly', 'SELinux Update Renders Static IP 
Addressing Unusable', 'policy prevents Dovecot from working', 'policy 
prevents procmail from being used a as local delivery agent', 'selinux 
prevents xen hotplug in Fedora 7', 'ypbind cannot run with 
selinux-policy-targeted', 'mod_jk malfunctions when selinux is enforced', 
'ntpd would not start', 'Unable to login using Squirrelmail', 'selinux 
update breaks spamassassin/procmail', 'selinux breaks prelink', 'dhcpd 
conflict with selinux', 'selinux blocks swapon when called from 
/etc/rc.d/rc.sysinit', 'crond doesn't run jobs in /var/spool/cron/root'.


SELinux and its updates have a *LONG* and *ONGOING* history of causing 
serious, even fatal, system problems (the last one I listed above is only 
a week old!)

-- 
Benjamin Franz

"It is moronic to predict without first establishing an error rate
  for a prediction and keeping track of one’s past record of accuracy."
                     -- Nassim Nicholas Taleb, Fooled By Randomness