That’s why I disable SELinux right away

Folks at the Fedora Project devel list asked us to enable and use SELinux. So I sent this reply:

SELinux blocks some very basic functionality I use in my Linux systems. That’s why I disable it right away.

SELinux is too complex to learn on the moment that you are setting up a new system and want to deliver real value to your client, or simply want to test new features. That’s why I disable it right away.

I consider myself a security-aware user and sysadmin. I’m pretty satisfied with the level of security I currently employ on my setups, thus I don’t see value to use a new very complex security thing as SELinux. That’s why I disable it right away.

Just to explain why I (still) don’t use SELinux.

I believe security is achieved with awareness, responsability, consciousness. Not limitations.

I also believe that users that don’t have any of those, won’t accept limitations too.

2 thoughts on “That’s why I disable SELinux right away

  1. Hmmm, I run several Fedora machines with SELinux enabled (Enforcing mode) and I never had this kind of problem Avi. :/

    Leo

  2. Hi,

    Leo if your not having any problems with SELinux consider yourself lucky cause it gives me hell. Disabling looks like a good idea!!!

Leave a Reply

Your email address will not be published.