Last I was exposed to an issue, it was actually not complicated at all to disable SELinux for the only thing I found it breaking - httpd. For a development box, sometimes it is more practical to just shut it down.
Those cases aside, SELinux is part of a best-practices well balanced breakfast. If you have to turn it off - you should probably understand why; it may be symptomatic of misconfiguration. On Jan 27, 2008 1:56 PM, Joe Murphy <[EMAIL PROTECTED]> wrote: > A most excellent point! > > Joe > > ----- Original Message ----- > From: "Mathias Stearn" <[EMAIL PROTECTED]> > To: <[email protected]> > Sent: Sunday, January 27, 2008 1:15 PM > Subject: Re: [UM-LINUX] Call for Presentations > > > > There is a reason the number one question for SELinux is how to turn > > it off. It brakes a lot of things and its not easy for the user to fix > > it. Unfortunately there is money in managing the problem but not in > > fixing it. > > > > --Mathias > > > > [These opinions are mine and mine alone] > > > > On Jan 25, 2008 7:57 PM, Bernie Hackett <[EMAIL PROTECTED]> wrote: > >> Mathias, you want to chime in here? Your work at Tresys just gives you > >> the warm and fuzzies for SELinux... > >> > >> -Bernie > >> > >> > >> On Jan 25, 2008 6:33 PM, Shawn Wells <[EMAIL PROTECTED]> wrote: > >> > > >> > Richard Matthew McCutchen wrote: > >> > > >> > On Fri, 2008-01-25 at 17:31 -0500, Shawn Wells wrote: > >> > > >> > > >> > What do ya want to know? If I can't do it myself, I can pull in > >> > allot of great resources. > >> > > >> > I recently did a presentation with Dave Caplan -- he wrote the > >> > "SELinux by Example" book > >> > ( > http://www.freesoftwaremagazine.com/articles/book_review_selinux_by_example > ). > >> > The other author, Karl MacMillan, sits in the desk next to mine. > Security > >> > is > >> > a hot topic internally to Red Hat right now. > >> > > >> > I would like to hear about SELinux. When I first installed Fedora on > my > >> > computer, SELinux was enabled by default, and it broke a bunch of > >> > applications, so I gave up on it. I would be interested to hear > whether > >> > you think SELinux is worthwhile for personal machines and, if so, how > to > >> > make it work nicely. > >> > > >> > Matt > >> > > >> > > >> > You got it. How/where do I sign up for a date? > >> > > >> > Also, I *do* think SELinux is ready for desktop. I'm running it > right now > >> > on my laptop. > >> > > >> > -- Mehmet Yilmaz
