Selinux

[Tom Horsley]

> That's a bit like asking how to turn off the burglar alarm so
> break-ins won't be so noisy. The correct question is how to set
> attributes correctly so google earth will run, and the answer may be
> in the SElinux report, as it often is. Real the report and see if it
> gives you a command to run which solves the problem.  

OK, I can turn off selinux, and not get any of these errors, or
I can leave selinux on, get errors, look at the troubleshoot report,
and follow the instructions to enable the program that had problems
to go ahead and do whatever nasty things selinux detected. All without
doing the kind of massive code review required to prove that the nasty
things are actually harmless in this particular program's case.

So why isn't it much simpler and less trouble to just turn off
selinux in the first place? I get the same level of security in the
end, and much less hassle in the meantime :-).

(Some days I feel like I should start the Linux Curmudgeon blog,
but there is probably one out there already - I haven't looked).