One issue is that sometimes, companies make this a requirement, and the IT people who do the real work just have to follow the rules. Whenever I set up a new system I always to to /etc/selinux and change config to SELINUX=disabled I recently change SELINUXTYPE to disabled, and screwed up everything to where I could not even log in. That is what rescue systems are for.
On 04/02/2014 12:37 PM, Richard Pieri wrote: > Greg Rundlett (freephile) wrote: >> It's rather (annoyingly) humorous that there is a webpage at the NSA >> titled "Current State of SELinux" >> http://www.nsa.gov/research/_files/selinux/papers/x/text8.shtml which is >> a blank white page. > > That's funny. > > Regardless, my suggestion not to use SELinux has nothing to do with > the NSA. It's because SELinux is the wrong tool most of the time. If > you don't need multi-level access control then AppArmor offers at > least as good protection as the SELinux targeted policy (which was > designed to emulate AppArmor's functionality) in a more easily managed > form. > -- Jerry Feldman <[email protected]> Boston Linux and Unix PGP key id:3BC1EB90 PGP Key fingerprint: 49E2 C52A FC5A A31F 8D66 C0AF 7CEA 30FC 3BC1 EB90
_______________________________________________ Discuss mailing list [email protected] http://lists.blu.org/mailman/listinfo/discuss
