Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

I am *this* close to disabling selinux!

On 4/29/07, David Kramer <david at> wrote:
> 1) Thank you.  That worked.


> 2) Will that survive a reboot?  Did it change the default policy, or
> just the running policy?

not sure...I don't like SELINUX :-)  It is very difficult to
use/maintain and it a real PITA.  It really depends what you are
trying to do.  Why do you have it on?  What are you trying to protect
against?  Don't just enable it blindly and expect it to protect your
system.  There are many paths to better security...

> So yes, there's this pretty good tool if you stumble upon it, but how
> can you have a tool that's so invasive without accessible documentation?

A buddy of mine's father worked on SELINUX for the NSA.  He gave a
presentation on it a few years back.  I checked it out.  Maybe I'm
naive, but I haven't been able to put it to great use.  Sure, you can
try to enable it and convince yourself about security, but you really
need to know details about the internals to make it work for you.  And
anyways, there are many browser exploits these days and I don't think
SELINUX is going to protect someone from stealing your GPG keys once
they pwn yer browser from client side...
Kristian Hermansen

This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /