Posted Jul 10, 2008 2:47 UTC (Thu) by jmorris42 (subscriber, #2203)
Parent article: SELinux and Fedora
Somebody needs to inform Mr. Cox that when the automakers used his reasoning and turned on the
airbags with no option to turn them off a lot of people, mostly children and smaller women,
DIED. That is why all new vehicles (at least in the US, perhaps the UK government prefers to
keep killing people in the name of political doctrine) have airbag kill switches for the
So yes safety features do need to consider balance. I know I tend to switch the damned thing
off after the first couple of failures, because in enforcing mode most machines are useless
and in permisive /var/log/messages is useless because of the noise. Too much junk in the logs
can cause other problems to be missed.
SELinux is great if you are building a server running a locked down set of processes and your
use happens to actually run under SELinux with only a few rounds of the SELinux Troubleshooter
giving out incomprehensible incantations to say at a root terminal, reboot and try again.
I have been running Linux/UNIX/OS-9 since the freaking 80's and totally understand the UNIX
security model, but SELinux is so alien to UNIX thought that I haven't a clue how to modify
it. I even tried wading through the O'Reilly SELinux book and just didn't get it. I suspect
that I'm not alone.