 
| Subject: | |
| From: | |
| Reply To: | |
| Date: | Tue, 10 Jul 2012 08:28:09 +0200 |
| Content-Type: | multipart/alternative |
| Parts/Attachments: |
|
|
On Tue, Jul 10, 2012 at 6:35 AM, Nico Kadel-Garcia <[log in to unmask]> wrote:
>
> You might also consider disabling SELinux, if the machine is behind
> reasonable firewalls. SELinux has been a *disaster* in system
> security, costing far more wasted productivity and engineering
> resources than many of active worms or attack vectors of the Linux
> world, most of which it does not really help with. (Bad PHP is bad
> PHP, and SELinux does not necessarily help at all.)
>
let's agree to disagree on this one :-)
I have not had major issues since ... fedora 8?
It is true that selinux is a new tool and thus not so well understood by
plenty of people, but I quite like it. It is quite simple once you take the
time to learn it (like everything in life) and we routinely deploy settings
from cfengine for it.
--
groet,
natxo
|
|
|
