[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: How best (BUT WHY) get rid of SELinux?



On Tue, 25 Sep 2007, Paul Shaffer wrote:

The whole premise of this thead is just absolutely ridiculous.  A naive user has an issue of some sort, immediately throws the baby out with the bath and then every other uninformed Linux using imbecile on this list joins in the stupidity.

 Does anybody here really believe the NSA spent how many years (?) and untold millions of dollars developing the technology for no good reason?  Amazing, just amazing.  Shocked? Maybe.  Disappointed?  Yes.  Surprised?  No.

GNUGravity <no-reply-gw fcp surfsite org> wrote:
 ...interesting...

I am rather shocked to see such an advanced community not reaping the benefits of SE Linux on Fedora/Red Hat. It's the reason I hesitate to use other distributions for mission critical applications within my organization.

With that said, I concede that it does require configuration. What works well for me is to suspend the SELinux service, perform the configuration, test and apply the config and then turn SELinux back on. From there, open the ports and configure as needed. There is an excellent O'Reilly book "SELinux NSA's Open Source Security Enhanced Linux" that will assist in explaining configuration options and debugging. There's always this forum and FedoraForums for assistance.

I value both my and my client's data. To me, it's worth the time and effort taken to implement security measures. I don't recommend turning it off and specifically not for organizational use. If you want to kill it on your desktop, that's up to you.

Best of luck to all ;)


get your hand of it,. some of us baby out teh windows throwing idiots have been doing this probably longer than you have been conceived.

I, like thousands of other network managers would rather have their servers ONLINE working without dramas for paying customers, then to have to take the things offline constantly to mess around with somthing which is a nuisance and interferes with our paying customers services, if they want to install a new program on a shared or dedicated host server at 4am to minimise downtime to their clients, they should be able to do it knowing when they are done it works, not have to contact the NOC at 5AM because selinux has fucked them up the ass and they are stressing their clients cant interact with them, some of these are ticket services for major events and so on, it makes them think twice about renewing, because they see it as a problem they have experienced and think "is this going to happen everytime I make major changes".. etc etc




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]