How best (BUT WHY) get rid of SELinux?

Res res at ausics.net
Tue Sep 25 22:21:52 UTC 2007


On Tue, 25 Sep 2007, Paul Shaffer wrote:

> The whole premise of this thread is just absolutely ridiculous.  A naive user has an issue of some sort, immediately throws the baby out with the bath and then every other uninformed Linux using imbecile on this list joins in the stupidity.
>
>  Does anybody here really believe the NSA spent how many years (?) and untold millions of dollars developing the technology for no good reason?  Amazing, just amazing.  Shocked? Maybe.  Disappointed?  Yes.  Surprised?  No.
>
> GNUGravity <no-reply-gw at fcp.surfsite.org> wrote:
>  ...interesting...
>
> I am rather shocked to see such an advanced community not reaping the benefits of SE Linux on Fedora/Red Hat. It's the reason I hesitate to use other distributions for mission critical applications within my organization.
>
> With that said, I concede that it does require configuration. What works well for me is to suspend the SELinux service, perform the configuration, test and apply the config and then turn SELinux back on. From there, open the ports and configure as needed. There is an excellent O'Reilly book "SELinux NSA's Open Source Security Enhanced Linux" that will assist in explaining configuration options and debugging. There's always this forum and FedoraForums for assistance.
>
> I value both my and my client's data. To me, it's worth the time and effort taken to implement security measures. I don't recommend turning it off and specifically not for organizational use. If you want to kill it on your desktop, that's up to you.
>
> Best of luck to all ;)
>

Get your hand off it. Some of us baby out the windows throwing idiots have 
been doing this probably longer than you have been conceived.

I, like thousands of other network managers would rather have their 
servers ONLINE working without dramas for paying customers, than to have 
to take the things offline constantly to mess around with something which 
is a nuisance and interferes with our paying customers' services, if they 
want to install a new program on a shared or dedicated host server at 
4am to minimise downtime to their clients, they should be able to do it 
knowing when they are done it works, not have to contact the NOC at 5AM 
because selinux has fucked them up the ass and they are stressing their 
clients can't interact with them, some of these are ticket services 
for major events and so on, it makes them think twice about renewing, 
because they see it as a problem they have experienced and think "is this 
going to happen every time I make major changes".. etc etc





