That’s why I disable SELinux right away

Folks at the Fedora Project devel list asked us to enable and use SELinux. So I sent this reply:

SELinux blocks some very basic functionality I use in my Linux systems. That’s why I disable it right away.

SELinux is too complex to learn on the moment that you are setting up a new system and want to deliver real value to your client, or simply want to test new features. That’s why I disable it right away.

I consider myself a security-aware user and sysadmin. I’m pretty satisfied with the level of security I currently employ on my setups, thus I don’t see value to use a new very complex security thing as SELinux. That’s why I disable it right away.

Just to explain why I (still) don’t use SELinux.

I believe security is achieved with awareness, responsability, consciousness. Not limitations.

I also believe that users that don’t have any of those, won’t accept limitations too.

2 comments on “That’s why I disable SELinux right away

  • Leonardo Vaz says:

    Hmmm, I run several Fedora machines with SELinux enabled (Enforcing mode) and I never had this kind of problem Avi. :/


  • Hi,

    Leo if your not having any problems with SELinux consider yourself lucky cause it gives me hell. Disabling looks like a good idea!!!


Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>