Linux & Open Source

That’s why I disable SELinux right away

Folks at the Fedora Project devel list asked us to enable and use SELinux. So I sent this reply:

SELinux blocks some very basic functionality I use in my Linux systems. That’s why I disable it right away.

SELinux is too complex to learn on the moment that you are setting up a new system and want to deliver real value to your client, or simply want to test new features. That’s why I disable it right away.

I consider myself a security-aware user and sysadmin. I’m pretty satisfied with the level of security I currently employ on my setups, thus I don’t see value to use a new very complex security thing as SELinux. That’s why I disable it right away.

Just to explain why I (still) don’t use SELinux.

I believe security is achieved with awareness, responsability, consciousness. Not limitations.

I also believe that users that don’t have any of those, won’t accept limitations too.

2 comments to That’s why I disable SELinux right away

Leave a Reply

  

  

  

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>