[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: How best get rid of SELinux?



Somebody in the thread at some point said:

> Selinux is another layer of security, it isn't a replacement of any
> security layers, I see no reason why anyone feels such apparently
> hostility to this piece of technology.

I can remember how it made me feel in the early days of it, extreme
frustration that it was blocking what I was asking to happen.  That
frustration ended up dumped on selinux because it built up over the
minutes looking for what I had managed to do wrong, before finally
finding the AVC and putting two and two together and realizing I didn't
do anything wrong: *IT* thought it knew better.

Simply recognizing that problems with permissions, failure to start
services or whatever should first cause a check on /var/log/messages
reduced the chance for frustration to build up.  That and the fact the
targeted policies now really match what "many" people are doing with the
services, with almost enough bools to customize it in all the main ways.

-Andy


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]