Selinux
Bruno Wolff III
bruno at wolff.to
Mon Dec 1 05:55:39 UTC 2008
On Sat, Nov 29, 2008 at 20:41:51 -0500,
Tom Horsley <tom.horsley at att.net> wrote:
>
> So why isn't it much simpler and less trouble to just turn off
> selinux in the first place? I get the same level of security in the
> end, and much less hassle in the meantime :-).
Because you can still leave it protecting other processes on the system
by either using pemissive domains or using audit2allow to generate rules
you can use to add a new policy module.
What would be really nice is if people reported these issues to bugzilla
instead of or in addition to griping about them here. Then either the app
or the policy could be fixed for everyone else.
More information about the fedora-list
mailing list