[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: How best get rid of SELinux?

On 9/21/07, Rahul Sundaram <sundaram fedoraproject org> wrote:
> Ralf Corsepius wrote:
> >
> > If SELinux was transparently working (Which it doesn't on Fedora on many
> > situations), nobody would name it "infection".
> Pretty much every security solution has had a history of such problems.
> I remember back in the days when a firewall used to get very similar
> complaints and everyone was suggesting just to turn it off instead
> SELinux is a fundamental security paradigm change. It has taken a lot of
>   effort to get where we are now.

Quite true.

> > => This is users complaining about SELinux's usability, based on their
> > personal experiences with the Fedora implementation.
> Atleast on Mike McCarty's case he has no personal experience with it.
> Users have mixed opinions as always.

I have plenty of personal experience with SELinux in both Fedora and
CentOS, and I have been using it since FC2, ie. before setroubleshoot.
It was a good tool then, now, I do not deploy and internet facing
machine without it.

> > If SELinux was such an "terrific and compelling approach", upstream
> > Linux and other distros would have adopted it _years ago_ with standing
> > ovations - Fact is: Nobody did.
> > => This is developers and maintainers having doubts on SELinux.
> Sure. Technology changes like this take time. Lilo vs GRUB. Static dev
> vs udev as other relatively fundamental changes have also taken time for
> distributions to adopt.
> SELinux is indeed upstream and a number of distributions have varying
> levels of support for it. Both the technology as well as adoption have
> only been increasing over time.
> Rahul

That aside, popularity shouldn't be a metric when gauging the
usefulness of a piece of software.

Fedora 7 : sipping some of that moonshine
( www.pembo13.com )

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]