SeLinux - is it worth it?

Paul Shirren shirro at shirro.com
Wed Sep 10 10:06:53 CST 2014


On 10/09/2014 6:41 am, Kim Hawtin wrote:
> On 10/09/14 03:15, David Lloyd wrote:
>> Usually SeLinux stops me from doing what I intended to do and makes my
>> systems UNUSABLE as opposed to SECURE.
>>
>> If a system is *UNUSABLE**// *it is _USELESS_.
>>
>> DISCUSS.
> 
> There is a sublte difference between trolling and ...
> 
> Oh what the hell, yes selinux is a PITA.
> 

I think these ACL/capabilities type systems are tackling things at the
wrong level for the average person. Far too much complexity to manage.

Jails/virtualisation seem much easier given the right tools to manage
them. "Hey lxc/docker/whatever, give me an instance of a base system.
Install my app. Deploy it."



More information about the linuxsa mailing list