Date: Mon, 20 Dec 2010 15:42:34 -0500 From: Chris Brennan <xaero@xaerolimit.net> To: David Brodbeck <gull@gull.us> Cc: freebsd-questions@freebsd.org, krad <kraduk@gmail.com> Subject: Re: SEBSD is dead? Message-ID: <AANLkTin=XqtUC771W-7958OMdws2wpe0FMWM9zhMyP7W@mail.gmail.com> In-Reply-To: <AANLkTikkd03To7=8TFbcr_Euo2CWh6nD1%2BhtL78aSeHQ@mail.gmail.com> References: <4D0B4D1D.8010700@gmail.com> <AANLkTimYKW=xOrVivx5okwaWrm5AWb-Y8c2KsZbMAA%2B_@mail.gmail.com> <AANLkTiks9ze649-41X-MVryu_pHdy7uHQyvSzi8Yef_G@mail.gmail.com> <20101217152709.GE94554@gizmo.acns.msu.edu> <4D0B84F5.4010905@unsane.co.uk> <20101217160221.GB94970@gizmo.acns.msu.edu> <AANLkTi=U0t92qH1d7MEYD3DKCe9hN4KKmpffpw_o4dM4@mail.gmail.com> <AANLkTimGx6414RWXru10hr-09WGLcqMedZVAXsi%2BW0JF@mail.gmail.com> <AANLkTikkd03To7=8TFbcr_Euo2CWh6nD1%2BhtL78aSeHQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Dec 20, 2010 at 3:11 PM, David Brodbeck <gull@gull.us> wrote: > I've seen various HOWTOs about how to craft new rules to permit things > like this, but many of them seemed to be out of date or referred to > tools that don't ship with RedHat. Documentation is thin and the rule > syntax is so cryptic it makes sendmail.cf look like LOGO. It was > obviously intended to be a "no user serviceable parts inside" sort of > system, but that only works if your setup is completely standard. > > To be perfectly honest ... SELinux has frightening me from day one. For two reasons. 1) The government had the fingers in it (I just can't fathom them contributing positively and constructively to the F/OSS community. 2) Because it was so poorly documented that I couldn't figure it out. All it did was serve to piss me off and I sought other, tried-and-true methods for securing my systems. Beyond this, I've never seen a real and valid use for SELinux ...
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AANLkTin=XqtUC771W-7958OMdws2wpe0FMWM9zhMyP7W>