On Tue, Jul 10, 2012 at 6:35 AM, Nico Kadel-Garcia <nka...@gmail.com> wrote:

> You might also consider disabling SELinux, if the machine is behind
> reasonable firewalls. SELinux has been a *disaster* in system
> security, costing far more wasted productivity and engineering
> resources than many of active worms or attack vectors of the Linux
> world, most of which it does not really help with. (Bad PHP is bad
> PHP, and SELinux does not necessarily help at all.)

 let's agree to disagree on this one :-)

I have not had major issues since ... fedora 8?

It is true that selinux is a new tool and thus not so well understood by
plenty of people, but I quite like it. It is quite simple once you take the
time to learn it (like everything in life) and we routinely deploy settings
from cfengine for it.


Reply via email to