Re: SElinux really needed ?
From: Tim (tim_at_mail.localhost.invalid)
Date: 06/29/05
- Previous message: returnGoodguy: "installing APM on REDHAT 9.0 (freetype2 and gd problem maybe)"
- In reply to: Adam: "SElinux really needed ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Wed, 29 Jun 2005 16:03:06 +0900
On Wed, 29 Jun 2005 14:36:00 -0400, Adam wrote:
> On a small machine, with no networking except for dialup - is it usual to
> install SElinux with it turned off ?
In it's current existence (only preventing some things, because too many
things won't work otherwise, or too many rules need making), I find it a
bit pointless.
It's a right pain for things like webserving, where you'd expect making
things, and parents (where necessary), world readable would be enough.
But no, you also have to mess with SELinux permissions.
It's also very annoying in the way you label things. Making something
readable to me, a group, or the world (the original permission bits) is
rather obvious (their naming, and the few you have to choose from, are
quite easy to understand), but what you pick from for SELinux permissions
are extremely arcane.
I think it's far from ready for real use, yet. It gets in the way, and
doesn't do the job it needs to do, properly, anyway.
-- If you insist on e-mailing me, use the reply-to address (it's real but temporary). But please reply to the group, like you're supposed to. This message was sent without a virus, please delete some files yourself.
- Previous message: returnGoodguy: "installing APM on REDHAT 9.0 (freetype2 and gd problem maybe)"
- In reply to: Adam: "SElinux really needed ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
